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The heart of this device is a new state of the art 
PowerPC networking processor. It makes the 
RB600 faster than any other MikroTik wireless 
router, introducing a whole new class 
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Two Compactflash slots for webproxy cache 
and configuration backups of the User Manager 
database or The Dude server. 


RB600 includes RouterOS - the operating system 
which makes this the most sophisticated 
wireless router, firewall, bandwidth manager, or 

hotspot. 
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>} Lea m the Path 
to a More 
Secure System 



» Discover 
Dangerous 
pilaws in Your 
DNS Infrastructure 



+ Creating JPsecand 5SL/TLS 
Tunnels In Linux 

Whet’s N«w with Eric Raymond? 



Calculator 

Thanks for Dave Taylor's Work the 
Shell column in the December 2007 
issue of LJ. I learned some new things 
from it. Truth be told, most of the 
articles in LJ are irrelevant to me, but 
I slow down and pay attention when 
I come to Dave's column. 

Dave didn't mention it, but surely he 
knows about calc (isthe.com/chongo/ 
tech/comp/calc)? This is a very pow¬ 
erful command-line calculator that I 
use often. 


$150 rebate instead of the $360 rebate 
that you get with Windows! 

Something stinks at Dell when a Linux 
or FreeDOS box costs $210 more than 
an XP box. 

Stanley Miller 

Thanks for the Games 

Thank you for three game articles in the 
December 2007 issue of Linux Journal. I 
am glad to see progress in Linux gaming. 
Games are the only reason I still have a 
Windows partition on my computer. The 
best first-person games are still only on 
Windows ( BioShock , Oblivion and so on). 
Fortunately, my favored strategy game 
does have a Linux version: Dominions 3 
(www.shrapnelgames.com/lllwinter/ 
Dom3/1.htm). 

Richard 

More Business Content, Please 

I was recently browsing through the 
archived articles of Linux Journal on 
www.linuxjournal.com, and I noticed 
that the past year or two has marked a 
decline in the number of articles target¬ 
ed at business Linux users. Recent arti¬ 
cles have focused more on home and 
educational users and developers than 
on the business administrator. 


In the interest of full disclosure, Landon 
Curt Noll happens to be a personal 
friend who wrote calc long before I 
became acquainted with him. Keep 
doing what you're doing in LJ. 

Bob 

Dell Linux Systems 

I'm part of the reason Dell is showing 
weak sales on Linux systems. I just pur¬ 
chased a slightly upgraded Dell Inspiron 
530 for $579.75 with Windows XP, and 
I'm reformatting and putting Linux on it 
the day it arrives. 

I considered getting the identical 
FreeDOS or Ubuntu version, but they 
were several hundred dollars more 
expensive, because they offer only a 


I understand that it's a struggle to find a 
balance between which audiences you tar¬ 
get, but as the manager of an Information 
Technology department for a medium-size 
business, I would appreciate more focus on 
the business administration side of things. 
I'm looking for articles that give me good, 
detailed suggestions on how and where 
Linux can be useful to my organization. 
It's great to read an article about thin 
clients, LTSP and how the two can be used 
together in a lab environment for students 
in a school, but I don't have large lab envi¬ 
ronments with various people coming and 
going all day using the same machines. I 
have cubicles where the same people sit 
down at the same desks every day and use 
business applications, like Microsoft Office 
and Visual Studio. How about some 
articles that tell me how I can implement 


OpenOffice.org without making my users 
angry and without making it impossible to 
interact with all of our customers and 
suppliers who use Microsoft Office? How 
about articles that present methods to 
migrate Microsoft Access Databases (I 
use the term "database" coupled with 
"Microsoft Access" very loosely) to 
open-source RDBMS systems with Web 
interfaces? Articles focusing on ERP 
systems for businesses? Of course, I'm not 
suggesting that you turn your attention 
entirely or even primarily toward business 
users (unless, of course, you'd like to fork 
another edition of LJ), just that you bring 
some of the focus back to that area. 
Also, I realize that Doc Searls has his Linux 
for Suits column, but the times I've read 
that, it seems to read more like the 
editorial page of a newspaper and less 
like a practical guide for implementing 
Linux in a business environment. 

Finally, because of some of the editorial 
comments I've read in LJ about the 
Novell/Microsoft agreement, I have to put 
in my two bits about the deal. I under¬ 
stand the strong anti-Microsoft reaction 
of Linux purists everywhere, I realize that 
it certainly isn't an ideal situation, and I 
understand the wary attitudes with which 
people approach the deal and say, "What 
kind of stunt is Microsoft going to pull this 
time?" That's all completely understand¬ 
able. However, as I said before, I manage 
an IT department, and Novell is helping me 
save loads of money on Microsoft licensing 
and is providing some very promising 
prospects for alternatives to Microsoft 
software in the very near future, along 
with some prospects for more interopera¬ 
ble systems between Microsoft's software 
and non-Microsoft software. Of course, 

I, too, am a bit cautious about what 
Microsoft sees in the deal, but I'm also a 
very satisfied Novell customer and see a lot 
of potential for their products to, at the 
very least, become a gateway out of the 
Microsoft world and into open source. 

Nick Couchman 

We appreciate your comments Nick , 
and we'll try to include more business- 
oriented articles soon. 
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[LETTERS] 


Baffled 

I have been a reader of Linux Journal for many years and 
find something to enjoy in every issue. I was, however, 
somewhat baffled by your inclusion of Sandeep Sahore's 
Tech Tip on his program showdate in the November 
2007 issue. 

Although it is indeed very useful to determine dates in the 
past and future, showdate is entirely unnecessary, and by 
the author's own admission, broken and quirky. 

May I present GNU date, included with every distribution of 
Linux I have ever used (source available for your favorite 
UNIX, naturally). For the benefit of your readers, I have 
duplicated the examples from the showdate Tech Tip and 
added a few more. 

The date ten years ago: 

$ date --date="10 years ago" 

Same as above in epoch seconds: 

$ date --date="10 years ago" +%s 

Five years, two months and 23 days from now in the format 
YY-MM-DD: 

$ date --date="+5 years +2 months +23 days" +%y-%m-%d 

With date, when you combine + and - in one command, it 
does the right thing (unlike showdate): 


$ date +%y-%m-%d 
07-12-05 (now) 

$ date --date=“-5 years +2 months +23 days" +%y-%m-%d 
03-02-28 (2 months and 23 days after 5 years ago) 

Schedule an at job 12 minutes and 35 seconds from now: 

$ at -t $(date --date="+12 minutes +35 seconds" +%Y%m%d%H%M.%S) 

Date isn't broken by large numbers: 

$ date --date=" + 1000 years" 

Sat Dec 5 16:41:40 EST 3007 
$ date --date=" + 10000 years" 

Wed Dec 5 17:01:17 EST 12007 

Date understands weeks too: 

$ date --date="+3 weeks" 

Date is even more flexible, for example, all of the following 
are valid: 

$ date --date="yesterday" 

$ date --date="tomorrow" 

$ date --date="last thursday" 

$ date --date="+2 weeks yesterday" (two weeks from yesterday) 

In fairness, like many GNU programs, a lot of the above is 
documented only on the info page (not the man page). 

Joshua 


Determinism 

I enjoyed Roman Shaposhnik's article 
"Roman's Law and Fast Processing with 
Multiple CPU Cores" in the November 
2007 issue of LJ, but he too briefly 
touched on an issue with large future 
implications. The problem isn't finding 
ways to make threads more deterministic; 
the problem is in our assumption that 
computers should be deterministic. A 
reliance on determinism works for pro¬ 
cessing on 8, or 16, or even 256 cores, 
but what about 256,000 cores? Or 256 
million cores? As elements flicker in and 
out due to errors and faults, these cre¬ 
ations will be better imagined as statisti¬ 
cal ensembles than simple machines, no 
matter how many OSI-like layers are 
created. As a developer, you can become 
comfortable with ways to flesh out the 
gotchas that occur in parallel environ¬ 
ments, but there is only so far that tools 
and insights can go if they are based on 
the wrong foundation. At some point 
in the future, we'll need to trade our 
Boolean yes or no for a Bayesian degree 


of belief. The software community has 
started to get a taste of this in loosely 
coupled aggregates like grids, but there 
is much, much more to come. 

Jon Dunfee 

Another Tip on a Tip 

This is in response to the Tech Tip on 
page 92 of the January 2008 issue, 
"Removing Duplicate Lines in Unsorted 
Text without Losing Input Order". If you 
have Perl installed (most distros do), 
you could do it like this: 

$ perl -ne'$x{$_}++||print' /tmp/numbers 

John W. Krahn 

Bash Can Do It 

I was surprised and dismayed to see 
Dave Taylor resort to Perl to map letters 
to numeric values, in his January 2008 
Work the Shell column. He states that 
the shell can't do this easily: "There's 
nothing I can imagine without extraor¬ 


dinary levels of effort." 

Perl is not needed; bash can do the 
same thing easily: 

ordvalue=$(('printf "%d\n.Sletter"'-96)) 

Russ Turner 

Dave Taylor replies: Cool. I didn't 
know you could do that! 

Iceweasel Clarification 

In the January 2008 issue of Linux Journal, 
Kyle Rankin wrote an article concerning 
anonymous Web browsing. Although the 
bulk of his content appears accurate, I 
noticed a fairly big mistake in one refer¬ 
ence regarding the Knoppix LiveCD. He 
refers to Iceweasel as "Firefox's name on 
Knoppix". This is inaccurate. Iceweasel is 
the forked browser based on Firefox, 
built initially by the Debian distribution. 
Iceweasel relieves the non-free issues that 
are part of the Firefox browser, as the 
Firefox browser cannot be redistributed 
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uiS* 


ABERDEEN 


QUAD-CORE. 
SAY NO MORE! 


BERDEEN STIRLING 144 


Four 6Zuad-Cores 

1U 3TB Quad Quad-Core HPC Server 

• Up to four Quad-Core Intel® Xeon® MP processors 

• Intel 7300 chipset with 64-Bit Support 

• Up to 192GB 667MHz ECC Fully Buffered FBDIMM Memory 

• Up to 3 x 1TB (3TB Total) Hot-Swap SATA Hard Drives 

• 1000W AC Power Supply w/PFC 

• 5-Year Warranty 


BERDEEN STIRLING 128 





1U 4TB Dual Quad-Core Server 

• Up to two Quad-Core Intel Xeon processors 

• Intel 5000P Chipset with 64-Bit Support 

• Up to 64GB 667MHz ECC Fully Buffered FBDIMM Memory 

• Up to 4 x 1TB (4TB Total) Hot-Swap SATA Hard Drives 

• 560W AC Power Supply w/PFC 

• 5-Year Warranty 
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3U 12TB Dual Quad-Core Storage Server 

• Up to two Quad-Core Intel Xeon processors 

► Intel 5000P Chipset with 64-Bit Support 

► Up to 32GB 667MHz ECC Fully Buffered FBDIMM Memory 

► Up to 12 x 1TB (12TB Total) Hot-Swap SATA Hard Drives 

► Areca ARC-1231 ML PCI Express 800MB/sec RAID Controller 

► 650W 2+1 Redundant Hot-Swap Power Supply 

* 5-Year Warranty 


Starting at 


$ 


3,389 


Starting at 


$ 


BERDEEN STIRLING X633 


BERDEEN STIRLING X840 




6U 32TB Dual Quad-Core Storage Server 

• Up to two Quad-Core Intel Xeon processors 

• Up to 32GB 667MHz ECC Fully Buffered FBDIMM Memory 

• Up to 32 x 1TB (32TB Total) Hot-Swap SATA Hard Drives 

• Up to two Rear Hot Swap SATA Hard Drives for OS 

• Dual Areca PCI Express 800MB/sec RAID Controllers 
1350W 3+1 Triple Redundant Power Supply 


1 5-Year Warranty 


Starting at 


$ 
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1 5-Year Warranty 


Starting at 


$ 


Intel, Intel Logo, Intel Inside, Intel Inside Logo, Pentium, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation or its 
subsidiaries in the United States and other countries. For terms and conditions, please see www.aberdeeninc.com/abpoly/abterms.htm. Ij024 
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2U 8TB Dual Quad-Core Server 

• Up to two Quad-Core Intel Xeon processors 

• Intel 5000P Chipset with 64-Bit Support 

• Up to 64GB 667MHz ECC Fully Buffered FBDIMM Memory 

• Up to 8 x 1TB (8TB Total) Hot-Swap SATA Hard Drives 

• 700W Redundant Hot-Swap Power Supply 

• 5-Year Warranty 
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Starting at 
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4U 16TB Dual Quad-Core Storage Server 

• Up to two Quad-Core Intel Xeon processors 

• Intel 5000P Chipset with 64-Bit Support 
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• 5-Year Warranty 


5U 24TB Dual Quad-Core Storage Server 

• Up to two Quad-Core Intel Xeon processors 

• Intel 5000P Chipset with 64-Bit Support 

• Up to 32GB 667MHz ECC Fully Buffered FBDIMM Memory 

• Up to two Internal SATA Hard Drives for OS 

• Areca ARC-1280ML PCI Express 800MB/sec RAID Controller 

• 950W 3+1 Triple Redundant Hot-Swap Power Supply 

• 5-Year Warranty 
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8U 40TB Dual Quad-Core Storage Server 

• Up to two Quad-Core Intel Xeon processors 

• Up to 32GB 667MHz ECC Fully Buffered FBDIMM Memory 

• Up to 40 x 1TB (40TB Total) Hot-Swap SATA Hard Drives 

• Up to two Rear Hot Swap SATA Hard Drives for OS 

• Dual Areca PCI Express 800MB/sec RAID Controllers 
1350W 3+1 Triple Redundant Power Supply 


8,029 
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[LETTERS] 


Get a Clue 

Mick Bauer's column "Getting a Clue with WebGoat", in the January 2008 
issue of LJ, was missing a few clues. After some trial and error using Ubuntu 
7.10, I found all the "Gutsy" clues. Mr Bauer left me clueless on setting the 
jAVAJHOME variable. The QRG is: 

$ sudo apt-get install sun-java5-jdk 
$ export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun-1.5.0.13 
$ wget http://webgoat.googlecode.com/files/ 

^Unix_WebGoat-5.0_Release.zip 
$ unzip Unix_WebGoat*.zip 
$ wget 

http://downloads.sourceforge.net/owasp/ 

^webscarab-ins taller-20070504-1631.j ar?modtime=1178324741 
$ java -jar webscarab-installer-20070504-1631. jar 
$ java -jar M /home/username/WebScarab/webscarab.jar" 

$ sudo sh ./webgoat.sh start80 

What doesn't kill me makes me better. 

PS. I like (intentionally, I hope) that the use of Tomcat was installed with WebGoat 
and that in the same issue Alan Berg had an article on efficiency tricks with 
Apache and Tomcat titled "Separate the Static from the Dynamic with Tomcat and 
Apache". As my first use of Tomcat was with WebGoat, touching on Tomcat later 
in the issue gave me a chance to further explore Tomcat. Bravo. 

sbaker813 


using the Mozilla Firefox name or logo if 
any changes are made by a distribution. 

Christer Edwards 

GRUB Security 

I enjoyed the "The Tao of Linux Security" 
article by Jeramiah Bowling in the 
January 2008 issue of Linux Journal. 

I do have one small tip for the author, 
however. He suggests setting a password 
to the GRUB bootloader by adding 
password yourpasswordhere below 
the timeout line in the GRUB config 
file. Although this is technically accurate, 
if we're shooting for security, let's try 
not to leave passwords lying around 
in plain text. 

Most major distributions should ship 
with the grub-md5-crypt command 
that allows you to generate md5- 
hashed passphrases for the GRUB 
bootloader. I suggest that anyone 
applying a GRUB security model 
would use this tool to generate 
an md5-hashed password and 
use that via the syntax password 
--md5 pasteyourmd5hashhere. 

Christer Edwards 


More Work the Shell Tips 

In the January 2008 issue of Linux 
Journal, Dave Taylor is musing over 
"how do you step through a word, 
letter by letter, in a shell script", and 
later, "how do you convert characters 
into corresponding numerical codes". 
Here is how (bash): 

in=linux 

while [ -n "$in" ]; do 

val=$(($(printf %d ""${in:0:l}) - 96)) 
echo "... letter ${in:0:1} has value $val" 
in=${in:1} 
done 

As for the Perl code used later in the 
same article, the simplest way to get 
from a string a list of corresponding 
byte codes is to use unpack with aC* 
or c* pattern. So the following Perl 
gives the result he is after: 

@values = map {$_ - 96} unpack "C*", "linux"; 

A corresponding list of "letter keys" 
will be produced by split //, 

"linux";. Of course, variables could 
be used in place of literal strings. 

Michal Jaegermann 
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FRONT 

NEWS + FUN 


WHAT'S NEW 
IN KERNEL 
DEVELOPMENT 


The 2.4 kernel 

[ “ U looks more and more 
immobile. Except 
for bug fixes, it no 
longer seems to be 
the case that any 
new code will be 
accepted. Even clean, well-written, mini¬ 
mally invasive driver ports from the 2.6 
tree now are being turned away, as 
Vitaliy Ivanov recently discovered. He'd 
ported the adutux driver to 2.4 and 
submitted it, only to be told by Willy 
Tarreau that the driver would not be 
accepted, because no one used the rele¬ 
vant hardware on 2.4 systems. The fact 
that this may be because the driver has 
not been available was met with the 
argument that people who may have 
needed such a driver probably already 
have found different hardware to 
solve their problem. And, Willy added, 
because the 2.4 tree was not changing 
so quickly these days, those who did 
want the patch would have no trouble 
applying it themselves. 

Vitaliy was a bit disappointed and 
surprised by this. But, in spite of the 
rejection, Willy and other top hackers 
still helped Vitaliy get the patch into 
the best possible shape, in case anyone 
ever did want to apply it. The patch 
apparently now will live in Willy's own 
personal tree, which gathers together 
2.4 patches that are unlikely to make 
it into the official tree. 

The hardware4linux.info site has 
come on-line, providing a database of 
hardware and its interoperability with the 
various Linux distributions that exist in 
the wild. Like similar projects, this one 
relies on user-contributed data. 

It's possible that the Linux-tiny 
Project will be started up again, under 
Michael Opdenacker's leadership, but 
there seems to be considerable opposi¬ 
tion. Linux-tiny is a general effort to 
make the kernel smaller, both in RAM 
and on disk, and to provide a central 
location to submit all such patches, so 
they can be fed to Andrew Morton 
or Linus Torvalds. But, several folks, 
including Andrew, felt there was no 
need for a central location beyond the 
kernel itself. His feeling is that any patch¬ 
es that can help make the kernel smaller 
should be submitted to him, rather than 


to Michael or anybody else. 

However, as a lot of these patches 
already have collected around Michael, 
he feels he's still needed to help organize 
them and present them to Andrew or 
whomever. So, there does seem to be 
the sense that Linux-tiny is needed, in 
spite of the fact that folks like Andrew 
are very much opposed. It seems as 
though this could shake out either way. 

A very interesting new distributed 
filesystem has hit the scene, created 
by Sage Weil as part of his PhD studies. 
It's been under development for a while 
now, but Sage has just made his first 
official announcement. As a result, the 
filesystem is likely to be more stable than 
other filesystems at the time of their ini¬ 
tial announcement; however, because of 
the lack of testing, users probably should 
not trust Ceph with their data until it has 
had a bit more time under the spotlight. 

Ceph supports the familiar POSIX 
filesystem semantics and distributes its data 
across an arbitrary number of nodes on a 
network. Data is replicated and rebalanced 
behind the scenes, so the loss of only a 
small number of nodes would be unlikely 
to cause any data loss. 

Originally, the filesystem client itself 
had been done in FUSE, which made for 
rapid development at the cost of some 
speed and correctness. One of the reasons 
Sage chose to make his announcement 
now is that he has begun work on an 
in-kernel client, which addresses all the 
correctness and efficiency issues. 

Adrian Bunk wants to take away the 
Experimental configuration depen¬ 
dency. The idea behind Experimental 
was that users could choose not to see a 
large swath of unstable configuration 
options and, thus, focus only on the 
options that seemed the most thoroughly 


tested and reliable. If, during kernel 
configuration, users clicked on the 
"Enable experimental features" option, 
they suddenly would see all the weird 
stuff that hadn't yet stabilized. The great 
value of the Experimental option was 
that it allowed newer code to have the 
widest possible distribution among 
users, without putting users in a position 
to harm themselves by inadvertently 
enabling a feature that would somehow 
or other trash their systems. 

Unfortunately, according to Adrian, so 
many necessary drivers still are listed as 
experimental, that distributions have been 
enabling experimental features by default 
in their production kernels. In many cases, 
these drivers have not really been experi¬ 
mental for a long time, but their develop¬ 
ers just never bothered to remove the 
dependency. So now, users have none of 
the benefit of being able to turn off 
experimental features. If they want to use 
their system at all, in many cases, they are 
obliged to enable experimental features 
and hope they don't inadvertently enable 
something else that is less stable. 

It's unclear what ultimately will 
become of the feature. Clearly, many 
experimental features in the kernel 
would have to be removed entirely, if 
there were no way to hide them from 
users who wanted only the most solid 
features. If Adrian does remove the 
Experimental option and nothing 
replaces it, all those features may 
lose out on their current high level of 
availability to new users. Meanwhile, 
the drivers that had caused the whole 
problem by failing to remove their 
dependency on the Experimental option 
would get to stay in the kernel, because 
they are not really experimental. 

— ZACK BROWN 
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LJ Index, 
March 2008 


1. Percentage of users that click on ads at 
least once per month: 1 


2. Number of times per month most of those 
who click on ads do so: 1 


3. Out of three persons who click on advertising, 
the number most likely to be female: 2 


4. Projected billions of dollars (US) in 2008 
advertising sales worldwide: 486 


5. Projected billions of dollars (US) in 2008 
on-line advertising sales worldwide: 44.6 


6. Projected 2008 worldwide market share 
percentage for on-line advertising: 9.4 


7. Years that will pass before on-line advertising 
will overtake radio advertising: 0 


8. Years that will pass before on-line advertising 
will overtake magazine advertising: 2 


9. Lines of code searched by Koders.com: 
766,893,913 


10. Lines of code searched by KruglePublic, in 
billions: 2.6 


11. Code repositories searched by Krugle.com: 

600 


12. Thousands of projects searched by 
KruglePublic: 100 


13. Number of projects registered at 
SourceForge: 164,138 


14. Number of users registered at SourceForge: 

1,744,635 


15. Service listings in SourceForge Marketplace 
at launch: 600 


16. Millions of Linux-based mobile handsets 
sold by Motorola: 9 


17. Percentage of Motorola's handset portfolio 
served by the company's Linux MotoMagx 
platform: 60 


18. Percentage of Linux CPUs running AMD 
Athlon: 14.71 


19. Percentage of Linux CPUs running 
Pentium 4: 12.15 


20. Percentage of Linux CPUs running other 
Pentiums: 24.97 


Sources: 1-3: A0L | 4-8: AdAge 
9: Koders.com 110-12: KrugLe.com 
13,14: SourceForge.net 115: CNN.com 
16,17: AmericasNetwork.com 
18-20: Linux Counter (counter.Li.org); 
numbers gathered by December 9, 2007 


[UPFRONT] 


The Linux Muse 


Convergent Living 
keeps expanding 
its portfolio of 
Companion-branded 
home electronics 
controllers, all of 
which involve "server¬ 
less smart appliances 
running rock-solid 
Linux". All are intended 
to work with the company's 
own components or with those of 
many other manufacturers. At the 
time of this writing, Convergent 
Living's Integrated Mode Subsystem 
Drivers supported the following: 

■ 21 scene lighting systems. 

■ Ten distributed audio/video multi¬ 
room preamps (with two "coming"). 

■ Five media audio streamers. 

■ 14 digital media servers. 

■ Three l/serial-based components. 

■ Four security panels. 

■ Seven automation panels. 

■ Five I cameras, plus "almost any 
streaming MPEG-3 camera". 

It also supported a pile of 
Ethernet converters; VGA/USB 
extenders via CAT5; a serial 
router and communications to 


thermostats, humidi¬ 
fiers, shade controls, 
weather stations; and 
other "environmen¬ 
tal" electronics by 
several manufacturers, 
over an array of data 
link types. 

Its latest controller 
is the Companion 
Muse, which communi¬ 
cates to both the Net and 
local home electronics over Wi-Fi. 

It has a built-in Web browser, plus 
the ability to control home systems 
either through IP (Internet Protocol) 
connections or through "transla¬ 
tors" that speak through serial, 

IR and other interfaces. 

The Muse weighs just less 
than two pounds and runs on an 
800MHz LX-800 Geode processor. 

It has an 8.4" TFT Active Matrix 
800x600 SVGA LCD touchscreen, 
talks 802.1 1 b Wi-Fi and plays 
16-bit audio through either a built-in 
speaker or a headphone jack. It's 
recharged through a desk cradle 
or USB passthrough. 

Configuring and integrating 
widely disparate home electronics 
tend to be complex professional 
work, so Convergent Living sells its 
components through professional 
integrators. Meanwhile, as the line 
continues to expand, it demon¬ 
strates the handiness of Linux as a 
solid platform for integrating just 
about anything. 



RESOURCES 

■ Convergent Living, Companion: 

www.convergentliving.com/index.php?option=content&task=view8{id=15, 
www.convergentliving.com/index.php?option=com_content8ftask=view8fid=438cltemid=67 
and www.convergentliving.com/index.php?option=content8ctask=view8(id=28 

■ "Linux touchpanel automates homes, boardrooms": 

www.linuxdevices.com/news/NS8523585083.html 

■ "Device Profile: Convergent Muse touchscreen automation controller": 

linuxdevices.com/articles/AT6599836729.html 


— DOC SEARLS 
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[UPFRONT 


t ' 

Distro Share 
Distribution 

Linux Counter (counter.li.org) has been 
keeping track of many things for many 
years. One of those things is distro share 
percentages. Here is how they stacked 
up, as of December 9, 2007. The data 
is derived from 147,964 registrations 
entered and 151,087 values. 

— DOC SEARLS 


Distro Share Percentages 


Distribution 

Count 

Percent 

CentOS 

1,190 

0.80% 

Debian 

28,949 

19.56% 

Fedora Core 

10,451 

7.06% 

Gentoo 

12,642 

8.54% 

Kubuntu 

1,837 

1.24% 

Mandrake 

7,602 

5.14% 

Mandriva 

2,870 

1.94% 

Red Hat 

11,349 

7.67% 

SUSE 

14,757 

9.97% 

Slackware 

13,166 

8.90% 

Ubuntu 

19,490 

13.17% 

Others 

26,783 

18.10% 


v 


Linux as an RTOS 

Linux success in the embedded space is well established. In October 2007, 
VDC reported that Linux held a 40% share among embedded operating system 
choices by system developers. Smaller share slices were held by commercial 
OS vendors, in-house, "other" and "no formal OS". In the Linux wedge, free 
Linux distributions outpaced paid ones by more than two to one. And, the free 
side was trending upward, with free distros outpacing paid ones by more than 
four to one among future embedded project deployment plans. 

But, that's just one source of stats. More recently. Embedded Market Forecasters 
(EMF) came out with a report titled "Embedded Linux Total Cost of Development 
Analyzed", which it says is based on interviews with more than 1,300 embedded 
developers. In its summary, EMF reported the following: 

■ "Embedded Linux has achieved design parity with commercial RTOSes 
for most projects." 

■ "Embedded Linux design outcomes are consistent with the outcomes of 
projects using OSes from commercial RTOS vendors." 

■ "Use of a commercial embedded Linux OS is more effective than a 
noncommercial 'in-house' Linux development undertaking." 

"Embedded Linux can be used in a mission-critical environment that requires 
MILS (Multiple Independent Levels of Security) or EAL (Evaluation Assurance 
Level) certification or POSIX (Portable Operating System Interface) confor¬ 
mance, when used in protected memory under a certified RTOS." 

Dr Jerry Krasner, President of EMF and author of the report, said, "This 
study shows that designing with an embedded Linux OS can be as dependable 
as designing with an RTOS." 


RESOURCES 


■ "Linux to remain a leading embedded OS, says analyst": 

www.linuxdevices.com/news/NS2335393489.html 

■ Embedded Market Forecasters, "Poor development tool selection costing 
embedded developers an average of $553,000 per project": 

www.embeddedforecast.com/images/MDD_Release_052107.pdf 

— DOC SEARLS 


New Features at LinuxJournal.com 


If you haven't visited us recently, you 
may have missed Linux Journal's Gadget 
Guy, Shawn Powers, and his video prod¬ 
uct reviews. Each week, Shawn has 
entertained and informed while giving 
viewers a peek at some interesting 
Linux-powered gadgets, such as the 
popular ASUS Eee PC, the Z2 Zipit 
Wireless Messenger and the Neuros 
MPEG-4 recorder. Be sure to come back 


to see what other cool toys he will get 
his hands on. 

Also, take a look at the section 
aptly named "Live from the Field" to 
get some interesting perspectives and 
perhaps even a behind-the-scenes look 
at Linux Journal from our very own 
staff and advisory board. These folks 
tend to have some useful information to 
share, and you might even get a look 


at some of their geek gear. After the 
holidays, many of us posted photos 
and videos of our geekiest gifts for all to 
see. If you haven't seen these, they are 
worth checking out and can be found 
at www.linuxjournal.com/microblog. 

Drop by and write your thoughts in 
the comments sections or in the forums. 
We'd love to hear from you. 

— KATHERINE DRUCKMAN 
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[UPFRONT] 


What Are They Using? 

Each month, we'll be featuring a fun Linux implementation by a notable user. 
Launching the series is Wendy Selzer. A founder of Openlaw, its open DVD 
forum and the Digital Effects Clearing House, she also was a star attorney 
with the Electronic Frontier Foundation, where she led EFF's Digital Television 
Liberation Front, fighting restrictive government technology mandates with 
open-source software. These days, she lives near Boston, where she serves as 
assistant professor at Northeastern University School of Law and fellow with 
the Berkman Center for Internet and Society at Harvard Law School. 

Here's Wendy: 

I'm using MythTV to power my home entertainment system. The combination 
digital video recorder, jukebox, streaming audio server and Web browser is 
a Debian-based Pentium 4 running MythTV and other free software. 

I built this machine when the Broadcast Flag was threatening the continued 
availability of open high-definition television tuners, but since public interest 
groups (including the American Library Association, Electronic Frontier 
Foundation and Public Knowledge) defeated the Broadcast Flag, the hardware 
is still available, and Moore's Law makes it cheaper all the time. (Full specs at 
wendy.seltzer.org/mythtv; the large-screen TVs pictured aren't mine.) 

The DVR picks up over-the-air television in HD and standard def, recording 
a mix of programs I've directly selected, TiVo-like "season passes" and 
those it gleans from searches or community-generated lists. Whenever a 
"best movie of all time" or nature program comes up, I can time-shift it 
to fit my schedule. If I'd rather watch the "NewsHour" in half an hour, 

I can time-squeeze it to fit. Independent video from YouTube and Miro 
round out the mix. 

Ripping my CDs to lossless FLAC files gives me a jukebox from which I can 
select playlists to listen to on my living-room stereo, stream to the study or 
office, or move to a pocket. I can record the Metropolitan Opera's Saturday 
matinee broadcasts (streamripper from a crontab) and pull up Wikipedia 
pages or libretti alongside. 

The system that started as a political statement has become immensely 
practical (and fun). The general-purpose computer lets me watch media as 
I want to see or hear it. We just have to make sure the media stays unen¬ 
cumbered and the technologies aren't hampered by ill-designed mandates 
from Hollywood. 


— DOC SEARLS 


They Said It 


Data likes to meet, have sex and 
make babies, just make sure it 
happens in your hotel room. 

—Martin Geddes, psd on Twitter, 
December 6, 2007 


Put it all together, and here's what I 
see happening. In the next few quar¬ 
ters, low-end Linux-based PCs are 
going to quickly take over the bottom 
rung of computing. Then, as businesses 
continue to get comfortable with SaaS 
(software as a service) and open- 
source software, the price benefits will 
start leading them toward switching to 
the new Linux/SaaS office model. 

You'll see this really kick into gear 
once Vista Service Pack 1 appears and 
business customers start seriously 
looking at what it will cost to migrate 
to Vista. That Tiffany-level price tag 
will make all but the most Microsoft¬ 
centric businesses start considering 
the Linux/SaaS alternative. 

—Steven J. Vaughan-Nichols, 
www.desktoplinux.com/news/ 
NS2414535067.html 


Sun will be announcing a multi-year 
award program in support of fostering 
innovation and advancing open source 
within our Open Source communities. 
We'll be providing a substantial prize 
purse and working with the communi¬ 
ties involved to develop the approach 
that works best. 

—Simon Phipps, Sun Microsystems, 

blogs.sun.com/webmink/entry/ 

getting_paid_to_develop 


Avoid “Argument list too long” Errors 


TECH TIP 


The shell has a maximum length for command-line argu¬ 
ments. If you try to pass more than the maximum, you will 
receive an error: 

Argument list too long 

For example, to find which files contain a particular string, 
you normally would do the following: 


grep -1 STRING 

But, if there are too many files, you may get the "Argument 
list too long" error. In that case, you could do: 

Is | xargs grep -1 STRING 

— ALESSANDRO PAIUSCO 


www.linuxjournal.com march 2008 | 17 







COLUMNS 


AT THE FORGE 


OpenSocial and 
Google Gadgets 

reuven m. lerner Thinking about developing an OpenSocial application? First, you’ll need 
to understand Google Gadgets. 



The past few months. I've written about the 
Facebook API, which allows third-party developers 
to integrate their applications into Facebook. A 
large number of such applications exist already, 
and more are being created and released every day. 

However, Facebook isn't the only social-networking 
site out there. Indeed, Facebook isn't even the 
largest social-networking site—although it is the 
fastest-growing and seems to have a great deal 
of momentum. This is due in no small part to 
developers' ability to create and integrate new 
applications into Facebook. And, although most 
Facebook applications are (I think) pretty silly, 
that hasn't stopped people from trying them and 
even using them on a regular basis. 

Facebook's offer of a developer API definitely was 
a good thing for Facebook users. But, it was bad 
news for at least three other groups of people. First, 
users of other social-networking systems suddenly 
were faced with the prospect of using a less-popular 
system. (In the world of social networking, a less- 
popular system also is less desirable.) Second, the 
people running non-Facebook social-networking 
sites, such as Linkedln and MySpace, suddenly were 
faced with the prospect of their users leaving for 
Facebook. Finally, software developers began to look 
at Facebook as the most-desirable platform for which 
they should develop, because it had the largest user 
base. Even if one or more of the competing sites 
were to unveil an API, and even if it were as rich as 
the Facebook API, it probably wouldn't reach enough 
users to make the doubled effort worthwhile. 

So, I was fascinated to learn, via Marc Andreessen's 
blog, that a number of social-networking sites 
were responding to Facebook in a way that satisfied 
all three of these populations. They announced an 
API that would allow an application to work across 
many different social-networking sites. This API, 
known as OpenSocial, can be added to any site 
("container") or application. If you write a Facebook 
application, it'll work only on Facebook. But, if 
you write an OpenSocial application, it'll work 
under Ning, MySpace, Orkut and nearly a dozen 
other systems. 

Of course, OpenSocial isn't exactly the same as the 
Facebook API. And, in fact, it has some disadvantages 


when compared with the Facebook API. Also, as 
I write these words in mid-December 2007, 
OpenSocial still is stuck in an early beta release. 

However, OpenSocial is interesting from a few 
perspectives. First, it's an interesting shot across 
Facebook's bow, and one that deserves our atten¬ 
tion, if only because it demonstrates the lengths to 
which companies now will go to attract developers 
and users. But, it's also interesting because it's the 
first application standard I can think of that is based 
on HTTP, JavaScript and HTML. That is, I believe 
OpenSocial is the first Web development API that is 
completely client-side, rather than server-side. If 
nothing else, this shows how important JavaScript 
has become to Web developers. 

This month, we start looking at OpenSocial 
from the perspective of an application developer. 
OpenSocial builds on work done at Google; thus, 
it's based on several technologies developed at 
Google, including Google Gadgets. So, let's begin 
our discussion of OpenSocial by looking at Google 
Gadgets and how we can create and use them. 
Next month, we'll look at how to turn a simple 
gadget into a social gadget and connect it with 
OpenSocial containers. 

Google Gadgets 

An OpenSocial application is, at heart, a combina¬ 
tion of XML and JavaScript, using a special version of 
Google Gadgets. The code is written in JavaScript, 
and preferences and guidelines for the gadget 
are set using XML. The simplest possible gadget, 
taken from Google's on-line documentation, is 
the following: 

<?xml version="l.0" encoding="UTF-8" ?> 

<Module> 

<ModulePrefs title="Hello world" /> 

<Content type="html"> 

<! [CDATA[ 

Hello, world! 

]]> 

</Content> 

</Module> 
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The above gadget, as you can imagine, doesn't 
do very much. The first line shows that it's an XML 
document and that it's encoded using UTF-8. This 
means we can write gadgets in any language we 
like, and they should work correctly. The gadget is 
then contained inside <Module> tags, apparently 
because gadgets were called modules when they 
were under development. The content of a gadget 
sits inside a <Module>. 

There are three potential sections inside a gadget: 

■ ModulePrefs: defines the settings for a particular 
gadget. 

■ Content: contains the HTML that is displayed for 
the user, as well as any JavaScript code with 
which the user will interact. 

■ UserPrefs: used to store user preferences. 

The above test gadget doesn't contain any 
UserPrefs, and its Content section contains only 
HTML, but it still is valid. 

To see this gadget in action, you need to create 
an iGoogle page. This requires having a Google 
login. (I'm familiar with the privacy concerns that 
are increasingly raised about Google. OpenSocial 
will not be tied to Google; thus, it doesn't require a 
Google login. However, for the time being, it's easi¬ 
est to create a gadget for an iGoogle page.) Go to 
your personal iGoogle page: google.com/ig. 

On the right side of the screen is a link called 
Add stuff. This is how you add new gadgets to your 
personal iGoogle page. By default, it shows the 
most popular gadgets, and you're obviously wel¬ 
come to add as many or as few of these gadgets as 
you want. However, if you're going to be develop¬ 
ing gadgets, add the My Gadgets gadget, which 
gives you some additional control and functionality. 
Use the search box to find My gadgets, and when 
you find it in the search-result listing, click on the 
add it now link. You will be brought back to your 
iGoogle page, with this new gadget now available. 

Publishing Your Gadget 

Google has tried to make gadget development as 
easy as possible. One way it eases the learning 
curve has been through the creation of many on¬ 
line tools that remove the editing and storage needs 
for many developers. Thus, although many Web 
developers (like me, and possibly you) are happy to 
write programs in Emacs and put them on their 
own private Web servers, Google realized that not 
everyone has access to (or familiarity with) such 
tools. So, Google provides a Web-based editor 
(GGE, the Google Gadget Editor), which not only 
lets people edit their own gadgets via a Web browser, 


but also provides free storage for gadgets. 

I'm going to take a more traditional route to 
storage in this column, although you're welcome to 
ignore my example. I'll be putting my gadgets on 
my Web server (atf.lerner.co.il). To incorporate these 
gadgets into my iGoogle page, I must go to the My 
Gadgets gadget and enter the complete URL of the 
gadget. For example, I stored the above "Hello, 
world" gadget on my server as rmlgadgetl .xml. 
Thus, I entered the following URL into My Gadgets: 
http://atf.lerner.co.il/rmlgadget1 .xml. 

Sure enough, after a moment of loading, I saw 
"Hello, world!" on my iGoogle screen. Each gadget 
is displayed inside an iframe, an HTML entity that 
allows the developer to create content that's inde¬ 
pendent of its surroundings. Or, thinking about it in 
a different way, the iframes ensure that gadgets 
cannot interfere with one another but stay "locked" 
inside their frames. 

More Interesting Gadgets 

It goes without saying that most developers 
would not be content to produce "Hello, world" 
programs. Rather, we typically want to do something 
a bit more substantive. 

In order to do that, we need to create a bit 
more HTML inside the <Content> section. We prob¬ 
ably should create some JavaScript that manipulates 
that HTML as well, given that we have a completely 
open canvas. 

Note that I'm going to modify the original gad¬ 
get I created, which I named rmlgadgetl. Google 
caches gadgets, which means that once you have 
loaded one on to your iGoogle page, modifications 
made to the gadget won't show up. This is when 
you must fire up your trusty My Gadgets gadget, 
and uncheck the cached check box for the gadget 
(in my example, rmlgadgetl). Reloading the iGoogle 
page will reload the gadget from the Web server, 
allowing you to have a more interactive and produc¬ 
tive development experience. 

Here's one update that demonstrates how to use 
JavaScript inside the gadget: 

<?xml version^"1.0" encoding="UTF-8" ?> 

<Module> 

<ModulePrefs title="Hello world" /> 

<Content type="html"> 

<![CDATA[ 

<div id="content">Hello, world!</div> 
<script type="text/]avascript"> 
var element = 

document.get ElementById( 1 content 1 ); 

element.1nnerHTML = "Foo"; 

</script> 

]]> 
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</Content> 

</Module> 

Once again, there's not much content to this 
widget. We simply use JavaScript and the DOM to 
modify the contents of a div. So, let's make things a 
bit more interesting and retrieve the latest headlines 
from Linux Journal's RSS feed. Then, we can display 
the first few headlines, even making them linkable: 

<?xml version- 1 1.0" encoding="UTF-8" ?> 

<Module> 

<ModulePrefs title="Reuven's Gadget" /> 

<Content type="html"> 

<![CDATA[ 

<div id="content">Loading feeds...</div> 

<script type="text/javascript"> 
var html = 1 '; 

var url - "http://feeds.feedburner.com/linuxjournalcom"; 
var callback = function(feed) { 

html += "<ul>\n"; 

for (var counter = 0; counter < feed.Entry.length; 

counter++) { 

html += "<li>" + '<a href="' + 
feed.Entry[counter].Link + ta\ 

rget="_blank">' + feed.Entry[counter].Title + "</a>" + "</li>\n"; 

} 

html += "</ul>\n"; 

_gel('content').innerHTML - html; 

}; 

var num_entries = 5; 
var get_summaries = false; 

_IG_FetchFeedAsJSON(url, callback, num_entries, get_summaries); 
</script> 

]]> 

</Content> 

</Module> 

The above gadget code begins with the same sort 
of static code as our previous gadget, although I did 
change it from saying "Hello, world" to something a 
bit more useful ("Loading feeds..."), because this text 
will appear while the feeds are loaded. 

The JavaScript in this gadget is somewhat 
interesting, mostly because it depends on the 
_IG_FetchFeedAsJSON function, which Google pro¬ 
vides to gadget developers. This function takes four 
arguments, and the first two are mandatory—the 
URL from which to fetch the arguments and the 
callback function that should be invoked when the 
feed is retrieved. For our example, I'm using the 
RSS/Atom feed URL for Linux Journal as provided by 
FeedBurner.com. Thus, we will get the list of recent 


www.linuxjournal.com headlines, as defined by 
the site administrators. 

The callback function, which I've named callback 
here, is invoked with a single argument, the JSON 
(JavaScript Object Notation), representing the feed 
that was retrieved from our URL. That JSON con¬ 
tains an array named Entry, whose elements contain 
the feed information. Each element contains Title 
and Link properties, which we will use to construct 
the output HTML. 

When callback is invoked, we first go to 
FeedBurner.com and retrieve the five most-recent 
headlines: 

_IG_FetchFeedAsJSON(url, callback, num_entries, get_summaries); 

Then, we iterate over the elements of Entry, 
appending them to a variable we've conveniently 
named html and putting each Title inside an HTML 
link, which opens the target URL in a new tab or 
window (thanks to target="_blank M ): 

for (var counter = 0; counter < feed.Entry.length; 
counter++) { 

html += "<li>" + '<a href="' + 
feed.Entry[counter].Link + ta\ 

rget="_blank">' + feed.Entry[counter].Title + "</a>" + "</li>\n"; 

} 

Finally, we assign our div (the one that starts by 
saying "Loading feeds..."): 

_gel('content').innerHTML = html; 

Sure enough, our gadget works very nicely, pro¬ 
viding us with a dynamically updated list of head¬ 
lines from Linux Journal. What could be better? 

One of the most interesting characteristics of 
Google Gadgets is the way in which they are com¬ 
pletely self-contained, insulated from the surround¬ 
ing page and application. As I mentioned previously, 
this is because each gadget sits inside an iframe, 
and it undoubtedly was one of the reasons gadgets 
were used as the basis for OpenSocial. 

However, we already can see how this will lead 
to a situation in which the application, rather than 
the hosting OpenSocial "container" site, determines 
the look and feel. This means if you include six 
OpenSocial applications, each one will have its own 
look and feel. This is a big difference from Facebook, 
in which applications are forced, to a large degree, 
to adhere to Facebook's look and feel, creating a 
rather pleasant user experience. Time will tell 
whether this causes problems or whether developers 
and users will reach a happy medium on this issue. 

A separate issue is the fact that each gadget 
contains only a single page of HTML. Any updates 
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that take place within the gadget, as we saw, 
happen thanks to JavaScript manipulation of the 
DOM. This is not a bad thing, and it is becoming 
increasingly common as Ajax becomes more pervasive 
among Web developers. However, it may be slightly 
foreign for developers who are still using the 
one-page-per-click paradigm. 

Conclusion 

Google Gadgets are small, self-contained mini-pages 
written in a combination of XML, HTML and 
JavaScript. They may be hosted by Google or on 
your own server, and to date, they primarily have 
been used for the personalized iGoogle service. 
However, Google Gadgets now form the foundation 
of OpenSocial, an open application standard used 
by social-networking sites other than Facebook. 

Next month, we will see how to convert our Google 
Gadgets into an OpenSocial application. ■ 


Reuven M. Lerner, a longtime Web/database developer and consultant, is a PhD 
candidate in learning sciences at Northwestern University, studying on-line 
learning communities. He recently returned (with his wife and three children) 
to their home in Modi'in. Israel, after four years in the Chicago area. 


Resources 


For the latest updates on OpenSocial, consult the Google group for 
OpenSocial at groups.google.com/group/opensocial. I particularly sug¬ 
gest looking at the list of recent activity, which is at groups.google.com/ 
group/opensocial/web/whats-up-with-opensocial. 

Extensive information about Google Gadgets can be found at 

code.google.com/apis/gadgets/docs/basic.html, including 
many examples. Some of the examples and instructions were slightly 
out of date, but with a bit of digging, you should be able to figure 
out what is going on. 

To understand more about this month's specific example, which involved 
retrieving remote content, consult code.google.com/apis/gadgets/ 
docs/remote-content.html. 

Marc Andreessen, who cofounded Netscape and is now running the 
Ning site for creating social networks, writes a blog about the software 
industry, startups and OpenSocial at blog.pmarca.com. 
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MARCEL GAGNE 


My Desktop Lies over 
the Ocean 

Because being there is open to interpretation. 


You have been on the phone for an hour, 
Frangois, and it is nearly time for our guests to 
arrive. Who are you talking to? Your cousin in 
Riviere-du-Loup? And, you're helping her with her 
Linux system? That is commendable, mon ami, but 
we have work to do. Yes, I realize it takes a great 
deal of time when you have to ask the other person 
to describe what she sees while you try to tell her 
what she should do next. It might be easier to 
demonstrate. Yes, I know she lives a few hundred 
kilometers away. With your Linux system and the 
right tools, being there doesn't have to mean hours 
and hours of driving. Wrap up your call quickly, and 
you'll learn everything you need to know when I 
serve up today's menu. Vite! Our guests are arriving 
as we speak. 

Welcome, everyone, to Chez Marcel. It is a great 
pleasure to have you here, where fine Linux and 
open-source software meets great wine. Please, sit, 
while my faithful waiter takes a short trip to the 
wine cellar. Frangois, please bring back the Collavini 
2005 Villa Canlungo Pinot Grigio. Quickly, mon ami. 

It only makes sense that being there, in person, 
to show somebody how to work with his or her 
system isn't always convenient. Taking control of an 
existing remote desktop session lets you work with 
the desktop as though you were there, without 
having to walk up a floor or drive several hundred 
miles. In that respect, it's not only a time-saver, but 
also environmentally-friendly (imagine having to 
fly overseas). Another great incentive for remote 
control is the office environment. Do you need to 
show users how to add an icon to their desktops? 
Connect to their desktops and let them watch. 

Have you received a call asking for help interpreting 
an error message? Connect to the system and ask 
the user to re-create the scenario while you watch. 
The possibilities are endless. Taking control of a 
remote desktop also provides everyone with a 
learning experience. For you, the person doing the 
teaching, it lets users show exactly how whatever 
went wrong, went wrong. For users, it lets them 
watch a master at work, so they too can learn the 
ways of Linux. This remote control is probably better 
referred to as desktop sharing. 

Excellent, Frangois has returned with the wine. 
Mon ami, after you have taken care of filling our 


guests' glasses, please take care of mine as well. 

Both of the most popular Linux desktop environ¬ 
ments—KDE and GNOME—come equipped with 
excellent solutions for desktop sharing. With these 
tools, users can invite someone either to watch 
their desktop session or take control of it. In an 
office environment, system administrators also can 
set it up so they can take control whenever neces¬ 
sary. Let's start this tour with the KDE desktop 
sharing application. 

On my Kubuntu Linux system, remote desktop 
sharing is under the Internet menu. The command 


Figure 1. Invitations to desktop sharing come in 
different flavors. 



Figure 2. When you create a personal invitation, it expires 
an hour later. 



22 | march 2008 www.linuxjournal.com 































name is krfb, if you want to start it directly using 
your Alt-F2 run dialog. When you do so, a window 
labeled Invitation - Krfb appears (Figure 1). 

The window offers you three important choices. 
You can create either a New Personal Invitation or 
Invite via Email. The third button provides a more 
complex interface that allows you access to invita¬ 
tions that already have been created. You can delete 
existing invitations or create new personal invitations. 
There's also a Configure button at the bottom—a 
button that is of particular importance to system 
administrators. Let's leave those things for now 
and concentrate on creating a personal invitation. 
To do that, click the Create Personal Invitation 
button, and a window labeled Personal Invitation 
- Krfb appears (Figure 2). 

For security reasons, the invitation itself lasts 
only an hour. If you don't do anything else, Desktop 
Sharing automagically comes up with a password and 
an expiration time for the session. The host address 
necessary for the connection also is displayed. 
Overriding either the password or the expiration 
time is not allowed. Make sure you pass on the 



information as it is shown to the person who will 
be connecting. When you have passed on the 
information (or written it down), click Close. 

The other option is an e-mail invitation, 
which is essentially the same thing, except the 


Figure 3. Creating a 
persistent, uninvited 
connection adds 
convenience, but 
don’t ignore security. 
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Power efficiency, compute density, green computing, reliability, and serviceability are just some of the things he 
makes a priority. That's why Forrest is excited about the new Bladeform 8840 Blade for the Bladeform 8100 
Series Blade Server Platform. Each Bladeform 8840 Blade supports four Quad-Core AMD Opteron™ 8000 
Series processors. With 16 cores per blade and 10 blades per 7U enclosure, you can pack the power of 
960 cores in a 42U rack. 


At the same time, Forrest is very impressed that the Bladeform 8100 provides 90%+ high-efficiency 
redundant power supplies for operating cost reduction and earth-friendly computing. 

The Bladeform 8100 with the Bladeform 8840 Blade is a perfect choice for 
mission-critical enterprise applications as well as scale-out and 
high performance computing environments. 


When you partner with Silicon Mechanics, you get more than a high-efficiency 
AMD solution—you get an expert like Forrest. 


AMD£J 

Opteron' 


I adeform 8100 Series Blade Server Platforji 
visit www.siliconmechanics.com/bladt 





































COLUMNS 


COOKING WITH LINUX 


Incidentally, both the KDE 
remote client and the 
GNOME Terminal Server 
Client also let you connect 
to an RDP session as well. 

connection details are sent via e-mail rather than 
read over the phone. The only catch here is that 
you are sending the means to access your system 
via e-mail during that one-hour period. If you 
choose this option, you'll receive a warning 
about plain-text e-mail over the Internet and the 
wisdom of encrypting said e-mail. Click Continue 
to get past the warning, and a KMail message 
appears (with instructions on how to connect), 
ready for you to click Send. If no one answers 
the invitation, it disappears within an hour. 

Before we move on, click Close to get past all 
those invitations, and we'll have a look at another 
means of providing access—uninvited connec¬ 
tions (that's our mysterious Configure button). If 
sending an e-mail invitation presents interesting 
security concerns, a wide-open, permanent invi¬ 
tation should ring additional bells. Nevertheless, 
in an office environment, it also may be the sanest 
method of giving yourself access. Click the 
Configure button to bring up the Configure dialog 
from the KDE Control Centre (Figure 3). Yes, that 
is correct. This configuration dialog also is available 
by running the KDE Control Centre from the K 
menu (or by using the kcontrol command name) 
and looking under the Internet & Network menu 
for Desktop Sharing. 

If you check the Allow uninvited connections box, 
you still have to assign a password for connecting. 
Furthermore, you have the opportunity to "Confirm 
uninvited connections before accepting". You also 
can decide whether to give those uninvited connec¬ 
tions the ability to control the desktop. If you don't 
check the latter, users can give you control at any 
time by selecting the desktop sharing icon that 


Note: 

The IP address displayed may be an issue if you are trying to connect to 
a remote system that is on the other side of a home router or firewall. 
In those instances, you may need to set up a port redirect to allow 
port 5900 to connect to the PC you need to access. Because the way 
to do this varies from ISP to ISP and router manufacturer to router 
manufacturer, there isn't a quick way to explain it here. Your router 
documentation should cover this. 



Figure 4. GNOME’S remote desktop invitation is run by a 
command named vino-server. Suddenly, I’m thirsty. 

appears in their system tray. 

On the GNOME side of things, there's a program 
called Remote Desktop Sharing. On a typical 
GNOME setup, click System on the top menu bar, 
then look under Preferences for Remote Desktop 
(if you like, you can run the command directly using 
/usr/lib/vino/vino-server). The Remote Desktop 
Preferences menu appears as shown in Figure 4. 
Needless to say, I love the name. 

Some of this is going to look very familiar, 
because many of the questions mirror those of 
the KDE Control Centre configuration for desktop 
sharing. If you simply want to show what your 
desktop is doing (and let somebody follow along), 
click the Allow other users to view your desktop 
check box. If you are looking for help, or you want 
to help the person on the other end, make sure 
the person sharing checks the Allow box, second 
from the top. Users who want to leave a sharing 
session open all the time may decide to check the 
Ask you for confirmation button, so that a remote 
user has to have their permission. Finally, if this is 
an unattended connection, you'll surely want to 
assign a password to allow this connection to 
happen. Although it may not seem apparent 
here, you also can generate an e-mail invitation 
by clicking the command listed under Users can 
view your desktop using this command. 

To connect to a remote shared desktop, you can 
use any VNC client—the GNOME vino-server pro¬ 
gram suggests vncviewer as the command to use— 
including a Java-enabled browser. The invitation 
e-mail tells you how to do this. The slicker, desktop- 
oriented way to do this is by using the tools provided 
by your desktop environment. The KDE Remote 
Desktop Connection program (Krdc) can be started 


24 | march 2008 www.linuxjournal.com 





















Remote Desktop Connection - Krdc 


from the Internet K Menu, where you'll see it listed 
as Remote Desktop Connection. From the dialog 
that pops up, you can enter the host connection 
information as shown in Figure 5. 

The connection program can be used simply by 
entering the sharing host's address and pressing 
Connect. Another window appears asking you to 
specify the quality of your connection—whether it 
be a fast LAN connection, a slow dial-up connection 
or something in between. When you do connect, 
what happens depends on how the invitation was 
created. If the confirm option was set, a warning 
message appears on the remote desktop asking for 
confirmation. On the client side, you then may be 
asked for a password. 

On the GNOME side of things, remote con¬ 
nections are done with the Terminal Server Client 
program (Figure 6). You'll find it under Applications 
in the Internet menu, but you also can run it 
directly with tsclient. 

The Terminal Server Client has five tabs, the 
most important of which is the General tab. 

Enter the remote computer's address (including 
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Remote desktop: |l92.168.22.7:0 
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Browse >> 




Enter the address of the computer to connect to, or browse the network 
and select one. VNC and RDP compatible servers will be supported. 
Examples 


kj Help 


Preferences 

Connect 

0 Close 


Figure 5. Connecting with the KDE remote connection program—note the :0 at the 
end of the address. 

the :0 display extension as shown by the desktop 
sharing server program), and make sure you 
select VNC as the protocol from the drop-down 
list. For these remote desktop sessions, you sim¬ 
ply can click Connect and be done. As with the 
KDE client, the remote user may need to confirm 
the session (which may require you to enter a 
password) and then manually give you control of 
the mouse and keyboard. The additional tabs 
allow you to define your display size, set color 



pgdbg [all] 0; 
#1179: 

pgdbg [all] 0: 
#1180: 

pgdbg [all] 0: 
#1161: 


[0] Breakpoint at 0x619A81. function init_module_wrf_quilt, file module_io_quilt.f, line 1179 
IF ( mytask ,EQ. 0 ) THEN 

[0] Stopped at 0x619A8B, function init_module_wrf_quilt, file module_io_quilt.f, line 1180 
OPEN ( unit=27, file="namelist.input", form="formatted", status="old" ) 

[0] Stopped at 0x619B5A, function init_module_wrf_quilt, file module_io_quilt.f, line 1181 
niojgroups 
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1256 , "frame/module_io_quilt.F: quilt initial 


[O^nqaum^: 


MPI_C0MM_W0RLD 
Comm_size 12 

Comm_rank 0 

Pending sends: none 

Pending recieves: none 

Unexpected messages: none 


MPI_C0MM_W0RLD_collective 
Comm_size 12 

Comm_rank 0 

Pending sends: none 

Pending recieves: none 

Unexpected messages: none 


MPI_COMM_SELF 
Comm_size 
Comm rank 
Pending sends: 
Pending recieves: 
Unexpected messages 


MPI_COMM_SELF_collective 
Comm_size 1 

Comm rank 0 

Pending sends: none 

Pending recieves: none 

Unexpected messages: none 
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IF ( mpi_inited ) THEN 
CALL wrf_error_fatal3 ( "module_io_quilt.b" , 


CALL mpi_init ( ierr ) 

CALL wrf_set_dm_communicator (MPI_C0MM_W0RLD ) 

CALL wrf_termio_dup 

CALL MPI_Comm_rank ( MPI_C0MM_W0RLD, mytask, ierr) 
CALL MPI_Comm_Size ( MPI_C0MM_W0RLD, ntasks, ierr 


IF ( mytask .EQ. 0 ) THEN 

OPEN ( unit=27, file="namelist.input", form="formatted", status= 
nio_groups =1 
nio_tasks_per_group =0 
READ ( 27 , namelist_quilt ) 

CLOSE ( 27 ) 

ENDIF 
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The Portland Group, Inc. is an STMicroelectronics company. PGI and CDK are trademarks or registered 
trademarks of STMicroelectronics. Other brands and names are the property of their respective owners. 
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COOKING WITH LINUX 


Note: 


KDE client pro¬ 
grams can con¬ 
nect to GNOME 
desktops and 
vice versa. 




Gniiernl 

Display 

Local Resources 

Programs Performance 


Logon SeUimjb, 


Type the name of line computer or chutist? 
' a computer from the drop-down lust. 


Computer: 

Protocol: 

User Name: 

Password: 

Domain: 

Client Hostname: 
Protocol Tile: 


: i.lUU:U 


JH 


& Open jf^aueAs 


Qi About Conned 


Figure 6. The GNOME Terminal Server Client Program 
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Figure 8. The KDE desktop sharing system tray icon (top 
right next to the clock) lets you manage connections and 
desktop control. 
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Figure 7. The GNOME Desktop Sharing Tray Icon with Drop- 
Down Menu 

depth or modify some performance-related 
parameters. Incidentally, both the KDE remote 
client and the GNOME Terminal Server Client 
also let you connect to an RDP session as well. 

Once a session is open, a tray icon appears in 
your system tray. The GNOME icon looks like a small 
terminal screen (Figure 7), and the default KDE tray 
icon (Figure 8) looks like a screen with a globe in 
front of it. In both cases, you can right-click on the 
tray icon where a drop-down or pop-up menu will 
show you active connections and give you a means 
to terminate them. 

Once you have established a connection, the 
remote system becomes a window on your current 
desktop. You can switch to full-screen mode, or as 
is the case with the KDE client, you can drag the 


window to any size you desire, then click the Scale 
button to resize the remote control session dynami¬ 
cally (Figure 9). 

Despite the many advantages of doing things at 
a distance, there is only one way to enjoy a glass of 
wine, and that is by being there. Luckily, Frangois, 
our most excellent waiter, is not elsewhere, but 
right here in this restaurant. As the clock ticks ever 
closer to closing time, I'm sure we can convince him 
to let us enjoy a little more wine before we head to 
our respective homes. If you please, Frangois, make 
sure everyone's glass is refilled. Raise your glasses, 
mes amis, and let us all drink to one another's 
health. A votre sante! Bon appetitim 


Marcel Gagne is an award-winning writer living in Waterloo. Ontario. He is the 
author of the Moving to Linux series of books from Addison-Wesley. He also makes 
regular television appearances as Call for Help’s Linux guy and every month on 
radio’s Computer America show. Marcel is also a pilot, a past Top-40 disc jockey, 
writes science fiction and fantasy, and folds a mean Origami T-Rex. He can be 
reached via e-mail at mggagne@salmar.com. You can discover lots of other things 
(including great Wine links) from his Web site atwww.marcelgagne.com. 


Resources 


Marcel's Web Site: www.marcelgagne.com 

The WFTL-LUG, Marcel's Online Linux User Group: 

www.marcelgagne.com/wftllugform.html 
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WORK THE SHELL 


Understanding Shell 
Script Shorthand 

dave taylor Wherein we delve into the mysterious shell script authoring style of 

system scripts, deciphering common shorthand notations and explor¬ 
ing why they are a part of scripting. If you ever dig about in system 
scripts, you’ll definitely want to read this column! 



Oh happy day! I got an e-mail from a reader with 
a shell script question that didn't appear to be 
homework from a programming class or anything to 
do with hacking passwords. The reader wrote: 

I am reading the scripts in the /etc/init.d 
directory. I am very new to such scripts and 
don't understand how they're written. In 
every script, there are statements like: 

[ -x /usr/sbin/halt ] || exit 0 

What is the meaning of this? Why is || 
used here? 

Also, in the "stop" case of the halt daemon 
init script, there is this sentence: 

[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$sname 

I don't understand what these do. Can 
you explain? 

With apologies to my old friend Larry Wall, 
this is what I call the "Perl syndrome" (though 
if we really want to go back in time, I saw this 
same problem with Algol-68 and PL/I, among 

If you are missing that 
script, you have some serious 
problems, but a lot of system 
scripts are written this way. 

others, and even worse in Ada)—obfuscated 
code because of the ability of programmers to 
abbreviate their code to make it shorter and, 
sometimes, more efficient. 

Looking at the filesystem explains one of these 
structures. Check this out: 


$ Is -1 /bin/[ 

-r-xr-xr-x 2 root wheel 46704 Sep 23 20:35 /bin/[* 

$ Is -1 /bin/test 

-r-xr-xr-x 2 root wheel 46704 Sep 23 20:35 /bin/test* 

It may seem odd, but there's actually a file in 
the /bin directory in Linux that is called [, and 
it's synonymous with the test utility. You can 
learn about it by typing man test in a terminal 
window, but it's actually more complicated than 
that, because modern shells (such as Bash) have 
test built in to the shell code itself for perfor¬ 
mance reasons. So, there are actually three different 
versions of test. 

If you do opt to use the [ version, the program 
requires that you have a matching ] for syntactic 
cleanliness (e-hygiene?). If you omit it, you'll get 
-bash: [: missing ']’ as an error. 

So, that first statement, [ -x /usr/sbin/halt ] 
| | exit 0, can be unwrapped initially as a test, 
and a quick glance at man test reveals that the -x 
test is for checking whether the named file exists 
and is executable. Basically, this statement ensures 
that there's a /usr/sbin/halt script before it executes 
it to avoid any errors. This is a portability test. If 
you are missing that script, you have some serious 
problems, but a lot of system scripts are written 
this way. 

Now, on to the || notation. Along with its 
partner &&, these two notations cause a lot of 
confusion for people delving into scripts, so let's 
start by reading what the Bash man page says 
about them (man bash): 

commandl && command2 

command2 is executed if, and only if, commandl returns 
an exit status of zero. 

commandl || command2 
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command2 is executed if and only if commandl returns 
a non-zero exit status. 


The return status of AND and OR lists is the exit 
status of the last command executed in the list. 


Clear as mud, right? This will become more clear when we 
go back to the test man page and find out that "The test utili¬ 
ty exits with one of the following values: 0 = expression evalu¬ 
ated to true, 1 = expression evaluated to false or expression 
was missing." 

So, the logic here is that the [] test is performed to see 
whether the script exists and is executable, and if it fails, the 
exit 0 is performed. How do you know if it fails? The test 
statement would return an exit value of 1. 

Now, let's look at the second statement with this in mind. 
You asked about this statement: 

[ SRETVAL -eq 0 ] && touch /var/lock/subsys/$sname 

Again, the [ is a shorthand notation for the test appli¬ 
cation. RETVAL is a system variable, and the -eq is a 
numeric test for equality. In this case, the return value 
again determines whether the test is true or false. If it's 
true (a zero return value), the touch command is used to 
set what's called a semaphore—a lock file to indicate to 
other scripts that the $sname subsystem is locked up and 
unavailable to modify. 

This is actually a pretty sloppy way to set a semaphore 
because it's not atomic. There is a distinct likelihood that in 
the interim between the first RETVAL test and the touch 
command, the script will be swapped out for a few milliseconds 
and another script run. This means that two scripts possibly 
could both believe they've locked the file—something called 
a race condition in computer science theory, and something 
that is obviously not a good thing. 

Anyway, I'm not supposed to be debugging system 
scripts. So, suffice it to say that the purpose of the statement 
is to test the return value of a previous command (there's 
probably a statement like RETVAL=$? on the previous line, as 
$? is shorthand for the return value of the previous shell 
command). If the test is true, the temporary file is "touched" 
(that is, it's created and given a creation timestamp of the 
current date and time). 

Later in the script, there is undoubtedly a statement like 
rm -f /var/lock/subsys/$sname, and in fact, a cleaner way 
to write it would be to trap exit conditions and make sure 
that the lock file isn't left around, even if the script errors 
out. This is done with the trap shell command. Error condi¬ 
tion 0 is a standard termination, so one clean way to write 
this is as follows: 

trap "/bin/rm -f /var/lock/subsys/$sname" 0 

This provides a lot of flexibility, because you can capture 
any of the dozens of possible signals like SIGINT (interrupt) or 


This means that two scripts 
possibly could both believe 
they’ve locked the file—something 
called a race condition in computer 
science theory, and something that 
is obviously not a good thing. 


SIGHUP (hangup). 

Anyway, you're not the first to be baffled by system scripts, 
but as you can see, a bit of persistence reveals all.H 


Dave Taylor is a 26-year veteran of UNIX, creator of The Elm Mail System, and most recently 
author of both the best-selling Wicked Cool Shell Scripts and Teach Yourself Unix in 24 Hours, 
among his 16 technical books. His main Web site is atwww.intuitive.com, and he also offers up 
tech support at AskDaveTaylor.com. 
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MICK BAUER 


Security Features 
in Ubuntu 

Securing Ubuntu is as straightforward as installing it. 


For a couple years, I resisted my friends' attempts 
to get me to check out Ubuntu. I thought, "What's 
the big deal? It's just another Debian derivative." 

But, of course, I was wrong. Ubuntu is remarkably 
easy to install and use, and although it is indeed 
based on Debian, its emphasis on usability and 
simplicity sets it apart. 

Furthermore, both the Desktop and Server edi¬ 
tions of Ubuntu use dual-purpose live CDs that can 
be used either to install Ubuntu or run it from CD 
without affecting any other operating systems on 
your hard disk. This makes it easy to test-drive 
Ubuntu before installing it to your hard disk. (The 
live CD method of booting Linux has important, 
useful security ramifications; however, that will be 
the topic of an entire future column.) 

So, I have been messing around with Ubuntu 
quite a bit lately and thought you might enjoy a 
survey of its security capabilities. 

First, a quick note about the scope of this 
article—I'm sticking to Ubuntu Desktop; space 
doesn't permit me to include Ubuntu Server, but I 
might cover it in a future column. Suffice it to say 
for now that Ubuntu Server is a subset of Ubuntu 
Desktop, lacking the X Window System and most 
other non-server-related software. 

I also do not explicitly cover Kubuntu, which 
simply is Ubuntu running the KDE desktop rather 
than GNOME; Edubuntu, which emphasizes educa¬ 
tional applications; or Xubuntu, which is Ubuntu 
with the Xfce desktop. Everything I cover in this 
article should apply to these Ubuntu variants, but 
there may be subtle differences here and there. 

Note also that Gobuntu, an experimental 
subset of Ubuntu consisting only of completely 
free/unencumbered software packages, probably 
has considerably fewer security features and 
packages than Ubuntu proper. 

Ubuntu vs. Debian 

Ubuntu security isn't very far removed from Debian 
security; underneath the GUI, Ubuntu is very 
similar to Debian. In this sense, Ubuntu shares all 
of Debian's security potential, and then some. If 
a given security tool is available as a deb package 
that works correctly in the current version of 
Debian, it also can be installed in the current version 
of Ubuntu. 


So, why dedicate an entire article to Ubuntu 
security? Two reasons. First, because it has been 
more than a year since my last article on Debian 
security. Second, Ubuntu has a few key differences 
from standard Debian: its status as a live CD 
distribution (which among other things makes it 
a good choice for running on untrusted hardware) 
and its ease of use, which on the one hand, doesn't 
yet much apply to Ubuntu's security features, 
but it does make Ubuntu more attractive to non¬ 
expert users than Debian proper, amplify the 
ramifications of Ubuntu security. Ubuntu also 
uses AppArmor, a powerful means of restricting 
daemon behavior. 

Software is the key difference between Debian 
and Ubuntu. I've long been of the opinion that 
Debian's staggering array of software packages 
is also one of its biggest challenges. Figuring 
out which of those thousands of packages you 
need can be confusing even for expert users. 

A key design goal of Ubuntu is, therefore, to 
support a smaller, carefully selected subset of 
Debian's packages. 

Ubuntu, however, doesn't merely rebundle stan¬ 
dard Debian packages. Ubuntu maintains its own 
versions, and according to Wikipedia, in many 
cases, Debian and Ubuntu packages aren't even 
binary-compatible. (The Ubuntu team has pledged 
to keep Ubuntu compatible with Debian by sharing 
all changes it makes to Debian packages, but the 
Debian team has grumbled about Ubuntu's team 
not being prompt enough in doing so.) 

The biggest source of confusion I've experienced 
with Ubuntu personally is that Ubuntu uses a differ¬ 
ent package repository schema than Debian, and 
Ubuntu's own Web pages aren't terribly clear as to 
how it works. But, it's actually straightforward. 

The main repository consists of fully supported, 
free (unencumbered) packages that are maintained 
by the Ubuntu team, the core of which is employ¬ 
ees of Canonical Ltd. The main repository, therefore, 
is the heart of Ubuntu. 

The restricted repository consists of nonfree 
(copyrighted) packages that are nonetheless 
fully supported and maintained, due to their 
critical nature. The majority of these packages 
are commercial hardware drivers that lack open- 
source equivalents. 
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The universe repository contains free software 
packages that are not considered part of Ubuntu's 
core, and therefore, they are not fully supported. 

The Ubuntu team takes no responsibility for security 
patches for these packages; unlike those in the 
main repository, security patches for universe 
are issued only when the software's developers 
issue them. 

The multiverse repository contains commercial or 
otherwise IP-encumbered packages that are not part 
of Ubuntu's core, and it has the least amount of 
support from the Ubuntu team. As with universe, 
multiverse security updates are purely opportunistic. 

In all four repositories, the vast majority of 
Ubuntu packages correspond with Debian pack¬ 
ages. But, again, because all Ubuntu packages are 
maintained separately, don't assume it's safe to 
install a package from the universe or multiverse 
repositories just because it's fully supported in 
Debian. The Ubuntu team is committed to providing 
prompt security patches only for the main and 
restricted repositories. 

In my opinion, this is a perfectly justifiable trade¬ 
off, just as it is in RHEL and CentOS—the fewer 
packages a distribution supports, the greater the 
feasibility of supporting them well, and the lesser 
the complexity of the distribution. High complexity 
and effective security seldom go together. However, 
the fact that you can't rely on timely security 
updates for universe and multiverse packages also 
means that Ubuntu may not be the best choice for 
you if you're going to depend heavily on packages 
from those repositories. 

Ubuntu Installation 

Now that I've explained how Ubuntu's repositories 
are structured, I can describe how to use them. 
Obviously, there's a lot more to system security 
than installing or not installing software. But, 
software is one of the biggest, if not the biggest, 
differentiators between Linux distributions, so it's 
a logical place to start. 

One interesting thing about the Ubuntu Desktop 
installer is that at initial setup/installation, it doesn't 
ask you which software packages to install. It 
installs a static set of applications, and subsequently 
you can only add to or remove from it. Nor does the 
Ubuntu Desktop installer configure firewall rules or 
allow you to set any other security parameters, 
beyond creating the first nonroot user account. 

Clearly, this installer emphasizes simplicity and 
speed. Luckily, Ubuntu is configured with reasonably 
good security by default. 

The Rootless Ubuntu Experience 

For example, it isn't possible to log in as root. Instead, 
you log in using an account with administrative 


privileges, such as that initial account the installer 
creates for you, then you use the sudo command 
to execute individual commands as root. (You 
can use the Users and Groups applet in the 
System^Administration menu to grant or revoke 
administrative privileges to users.) 

Using sudo prompts you for your own pass¬ 
word (the root account on Ubuntu doesn't even 
have a password!), and then executes the given 
command. Graphical programs in Ubuntu auto¬ 
matically use sudo and prompt you for your 
password as needed. 

Using sudo provides granular control over 
who can execute what privileged commands. 

It also logs all commands it executes. Having 
the root account present but essentially disabled 
also makes it somewhat more difficult for hostile 
code to gain root access. In short, I heartily 
approve of this design decision in Ubuntu. For 
more information, take a look at the Ubuntu 
RootSudo page (see Resources). 

Installing Optional Software 

Once you've installed Ubuntu, you can install 
additional software packages as needed, using 
the Install and Remove Applications applet 
(Add/Remove... in the Applications menu) or the 
Synaptic Package Manager (in the System menu 
under Administration). Figure 1 shows the Install 
and Remove Applications applet. 

This applet is very simple to use, and it comes 
preconfigured with a set of Ubuntu repositories on 
the Internet. If you want to install packages from 
universe or multiverse, you need to enable this 
under Preferences. By default, only packages from 
main and restricted are shown. 



Figure 1. Install and Remove Applications Applet (aka Add/Remove Applications) 
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Figure 2. The 
Synaptic Package 
Manager 


Personally, I prefer the Synaptic Package 
Manager (Figure 2). It handles dependencies more 
gracefully and offers more options for filtering and 
listing packages. It also lists raw packages (all the 
individual deb packages that make up an applica¬ 
tion), whereas the Add/Remove Applications applet 
lists packages only by application name (which 
isn't as precise). If installing an application involves 
four separate component packages plus seven 


Table 1. Security-Related Packages Installed by Default 

Package Name 

Description 

apparmor, apparmor-utils 

Novell AppArmor, type-enforcement 
controls for selected applications. 

fping (!) 

Flood Ping, for probing ranges of 

IP addresses. 

gnupg 

GNU Privacy Guard, a free 

OpenPGP implementation. 

libselinuxl, libsepoll 

SELinux libraries (require user-space 
tools from the universe repository). 

libwrapO, tcpd 

TCP Wrappers, simple IP filtering 
for daemons. 

netcat 

Netcat, a general-purpose 
port-forwarder. 

openssh-dient 

A free SSH client. Note that 
ssh-server isn't installed by default. 

tcpdump 

Classic protocol analyzer (sniffer). 

update-manager 

GUI-based tool for automatic notifications 
and installing software updates. 

wpasupplicant 

WPA client for 802.11 wireless networks. 


dependencies, I want to know it. 

Note that both the Add/Remove Applications 
applet and the Synaptic Package Manager use 
the Software Source applet to obtain current lists 
of available packages. You need to know this, 
because by default, neither the universe nor 
multiverse repositories are enabled, and the 
Software Sources applet is where you enable 
them. In the Ubuntu desktop's System menu, 
open the Administration submenu to find the 
Software Sources applet. If you make changes 
in this applet, you'll be prompted to download 
fresh package lists before quitting. 

Before I discuss actual packages, here's one 
more note about obtaining them: besides the 
Ubuntu repositories on the Internet, you also can 
install packages from the Ubuntu Desktop 7.10 
CD. However, beyond the packages installed 
automatically, this CD contains only 29 additional 
packages from main and three from restricted. 
Therefore, in practice, you'll have to download 
most of the software you install after the initial 
system installation. 

Notable Ubuntu Packages 

Ubuntu Desktop 7.10 automatically installs with 
a number of important security-related software 
packages. Table 1 lists some of my favorites. 

I've mixed security-auditing tools (fping and 
tcpdump) alongside defense tools (gnupg, SELinux 
and TCP Wrappers). Obviously, you need to give 
some thought as to whether a given system is going 
to have an "offensive" role versus a "defensive" 
role with respect to security; security scanners can 
be dangerous! 

The main repository contains a wealth of addi¬ 
tional security software packages. Table 2 lists more 
of my favorites. 

But wait, there's more! We've actually scratched 
only the surface. The universe and multiverse reposi¬ 
tories contain many, many more security software 
packages. Table 3 lists a very small subset of these. 
Remember, the Ubuntu team offers no guarantee of 
timely security patches for these packages. 

As you can see, Ubuntu Desktop is an extremely 
versatile distribution. It contains a wide variety of 
security tools, representing many different ways 
to secure your system (and the network on which 
it resides). 

Automatic Updates in Ubuntu Desktop 

Once you've installed a bunch of software, keeping 
it patched is easy. To configure automatic updates, 
run the Software Sources applet, and select the 
Updates tab (Figure 3). These settings determine the 
behavior of the Update Manager applet. 

The Update Manager applet runs automatically 
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Figure 3. Setting Up Automatic Updates in Ubuntu Desktop 


in the background, but you also can start it manually 
from the System menu in the Administration section. 
You can configure it (from Software Sources) to do 
any of the following: 1) notify you of updates, 2) 
download patches automatically and notify you 
when they're ready for installation, or 3) download 
and install patches automatically. 

Novell AppArmor in Ubuntu 

Remember back in my August 2006 article "An 
Introduction to Novell AppArmor", when I com¬ 
mented that despite its SUSE roots, AppArmor 
probably would be ported to other distributions 
soon? (No? Well, I did say that—you can look it 
up!) Sure enough, not only does Ubuntu have a 
port of AppArmor, but it's also installed and 
enabled by default. 

If you're unfamiliar with it, AppArmor is an 


Table 2. More Security Packages in the Ubuntu Main Repository 

Package Name 

Description 1 

aide 

Integrity checker similar to Tripwire. 

auth-config-dient 

PAM (Pluggable Authentication Module) 
configurator. 

checksecurity 

cron jobs for security checking. 

chkrootkit 

Rootkit detection toolkit (though this is best 
run from read-only media). 

cryptsetup 

Tool for creating encrypted filesystems. 

dovecot-imapd, 

dovecot-pop3d 

Secure IMAP and POP3 daemons. 

exim4-daemon-heavy 

SMTP daemon with extended features. 

gpgsm 

GnuPG for S/MIME. 

ipsec-tools 

User-space tools for configuring IPsec tunnels. 

kwalletmanager 

Password vault for KDE. 

Iibkrb53, krb5-doc 

Kerberos runtime libraries. 

logcheck 

Scans log files for anomalies and sends 
admin e-mail notifications. 

nessus, nessusd 

Nessus security scanner. 

opie-dient, opie-server, 
libpam-opie 

OPIE one-time password system 
(based on S/KEY). 

shorewall 

System for generating iptables firewall rules. 

slapd 

OpenLDAP server daemon. 

squid, squid-common 

Web proxy with caching and security features. 

vsftpd 

The Very Secure FTP Daemon. 


Table 3. Security Software in the Universe and Multiverse Repositories 

Package Name 

Repository 

Description I 

aircrack-ng 

universe 

WEP/WPA wireless network 
shared-secret auditor. 

amavisd-new 

universe 

Antivirus/spam-filter 
helper daemon. 

avscan 

universe 

GUI for ClamAV antivirus system. 

bastille 

universe 

Comprehensive system-hardening 
scripts. 

chntpw 

multiverse 

Changes passwords on Windows 

NT/2K/XP systems. 

damav 

universe 

ClamAV, a free virus scanner. 

djbdns-installer 

multiverse 

Secure domain name service daemon. 

fi restarter 

universe 

An iptables GUI (GNOME). 

flawfinder 

universe 

Source code security analyzer. 

freeradius 

universe 

RADIUS server for remote access 
and WLAN/WPA authentication. 

perdition 

universe 

An IMAP4/POP3 proxy. 

spikeproxy 

universe 

Web client proxy for Web site 
probing/analysis. 

tiger 

universe 

Security audit scripts. 

tripwire 

universe 

The classic file/directory 
integrity checker. 

uml-utilities 

universe 

User Mode Linux virtualization engine tools. 

wireshark 

universe 

Graphical network packet sniffer/analyzer. 

zorp 

universe 

Application-layer proxy firewall. 
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PARANOID PENGUIN 


What this means in English is that AppArmor 
lets you restrict the activities of system 
daemons—what files they can read, which 
directories they can access, which devices 
they can write to or read from and so on. 


implementation of Type Enforcement, a type of 
Mandatory Access Control. What this means in 
English is that AppArmor lets you restrict the activi¬ 
ties of system daemons—what files they can read, 
which directories they can access, which devices 
they can write to or read from and so on. It is a 
powerful means of containing the effects if a pro¬ 
tected daemon is compromised—even if attackers 
succeed in hijacking a given process, they can't use 
it to execute arbitrary commands, read arbitrary files 
and so forth. 

Perhaps surprisingly, given Ubuntu's very slick look 
and feel, AppArmor is configurable in Ubuntu only 
via the command line, using the aa tools (aa-status, 
aa-genprof and so on) in the apparmor-utils package. 
Visit the Ubuntu AppArmor page for more informa¬ 
tion (see Resources). 


Managing Users and Groups 

In the root/sudo discussion above, I mentioned the 
Users and Groups applet. This applet is deceptively 
simple to use. It's actually one of the more sophisti¬ 
cated front ends to adduser, addgroup and so on 



Figure 4. Setting User Privileges in Ubuntu 


that I've seen. If you select a user, click Properties, 
and click the User Privileges tab, you can not only 
grant that user the right to "Administer the system" 
(that is, to execute commands as root using sudo), 
you also can select from a long list of other system 
privileges (Figure 4). 

If you're an old-school sysadmin like me, you 
know that none of these privileges are handled 
directly by tools like adduser; the settings in this 
part of the applet simply determine to which groups 
the user belongs—groups that the Ubuntu team 
carefully has configured to correspond with real- 
world system administration-related commands and 
objects. This is a clever and simple way to manage 
administrative functions, especially in combination 
with sudo. 

Conclusion 

As you can see, Ubuntu's ease of use doesn't come 
at the cost of security—it has Debian's abundance 
of security-related software packages combined 
with straightforward but effective security design 
decisions, such as disabled root and AppArmor, and 
easy update management. ■ 


Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for 
one of the US’s largest banks. He is the author of the O’Reilly book Linux Server 
Security, 2nd edition (formerly called Building Secure Servers With Linu x), an 
occasional presenter at information security conferences and composer of the 
“Network Engineering Polka”. 


Resources 


Official Ubuntu Home Page: www.ubuntu.com 

Ubuntu RootSudo Page, describing Ubuntu's 
sudo implementation in detail: 

https://help.ubuntu.com/community/RootSudo 

"Keeping Your Computer Safe"—simple security 
tips from Ubuntu 7.10's official documentation: 

https://help.ubuntu.eom/7.10/keeping-safe/ 

C/index.html 

Security Pages in the Ubuntu User Community's 
Wiki: https://help.ubuntu.com/community/ 
Security 

AppArmor Page in the Ubuntu User Community's 
Wiki: https://help.ubuntu.com/community/ 
AppArmor 

The "Securing Debian Manual", indirectly applica¬ 
ble to Ubuntu: www.debian.org/doc/manuals/ 
securing-debian-howto/index.en.html 
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Automate your 
Desktop with wmctrl 

kyle rankin Why move, resize and shade windows by hand when a program can 
do it for you? 



Okay, I'll admit it; I'm addicted to automation. A 
Roomba vacuums for me, my main router checks its 
DSL connection and automatically resets my DSL 
modem if it's down, my porch light is motion- 
sensitive, and my bin directories are full of 
homegrown scripts I use to automate mundane 
computer tasks. There is something so satisfying 
when you can reduce a long series of steps 
down to a single script and just run that script. 

When most people think of automation with 
scripts, they think about the command line. After 
all, most scripts are concerned with standard 
command-line fare, such as pipes, simple logic, 
redirection and parsing text output. These days, 
much of the work on the desktop is done with¬ 
out a terminal, so it would be nice if you could 
automate some of those more mundane graphi¬ 
cal tasks too. A tool called wmctrl can do exactly 
that, wmctrl provides a command-line interface 
to standard window management tasks, so you 

These days, much of the work 
on the desktop is done without a 
terminal, so it would be nice if you 
could automate some of those more 
mundane graphical tasks too. 

can resize and move windows, change desktops, 
toggle sticky and rolled-up statuses on a window 
and much more, all from a shell script. 

wmctrl is a common package in most modern 
distributions, so you should be able to install it 
with your distribution's package manager. Otherwise, 
you can obtain the source from wmctrl's main 
Web site (www.sweb.cz/tripie/utils/wmctrl) 
and build it. One of the great things about 
wmctrl is that it isn't window-manager-specific. 

It changes your windows via Extended Window 
Manager Hints (EWMH), and because most the 
popular window managers these days (such as 
GNOME'S Metacity, KDE's KWin, Compiz Fusion 
and Fluxbox) support EWMH, not only will wmctrl 
likely work with your window manager, but also 


if you decide to change to a different window 
manager, your wmctrl scripts probably will work 
just the same. 

Quake Terminal 

One of the best ways to illustrate the power of 
wmctrl is to create a script that turns a regular ter¬ 
minal into a Quake terminal. For those of you who 
haven't played any games from the Quake series, 
when you press the ' key in Quake, a terminal pops 
down from the top of the screen so you can type 
commands. This type of terminal is very handy on a 
cluttered desktop, but you even could use this to 
create a type of "boss button" to make a window 
disappear quickly. 

In this example, I create a terminal that I've 
titled "Quake Term", but you can change this 
script to work with the title of any window on 
your desktop. If you are unsure how wmctrl will 
view your window's title, run wmctrl with the -I 
option to show information about all the win¬ 
dows on your desktop: 


greenfly@minimus:~$ wmctrl -1 


0x020000ba 

0x00e00031 

0x01200003 

0x00800029 

0x00800003 


0 minimus Quake Term 
-1 minimus Desktop 
-1 minimus gkrellm 
-1 minimus Top Expanded Edge Panel 
-1 minimus Bottom Expanded Edge Panel 


0x01000172 0 minimus greenfly.org - Mozilla Firefox 


The very last field in this output is the title of a 
particular window, and this is the information wmctrl 
can use to identify windows for which you want to 
script actions. To create a basic Quake Term, you 
just need a single wmctrl command: 

#! / b i n / s h 

wmctrl -r 'Quake Term' -b toggle,shaded 

The -r option tells wmctrl the window title on 
which to act, and the -b option tells wmctrl either 
to add, remove or toggle up to two different 
window properties (in this case, the shaded state 
of my window). The wmctrl man page lists all 
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the available properties you can tweak with this and any 
other options. 

Note that wmctrl scripts work best if windows have 
unique titles. If you have multiple windows open with the 
same title, you might not shade the right one. Each terminal 
sets its title differently, but for instance, on a GNOME terminal, 
you can change the title within your profile settings (right-click 
on the terminal and select Edit Current Profile). 

I use a modified version of the above command that not 
only shades the window, but also moves it to the back below 
any other windows. The script also keeps track of the toggled 
state with a temporary file so that I can be sure the shaded 
and stacked states stay in sync: 

#!/bin/sh 

# Unshade and bring to front 

if [ -f /tmp/.quake.shaded ]; then 

wmctrl -r 'Quake Term' -b remove,below 
wmctrl -r 'Quake Term' -b remove,shaded 
rm /tmp/.quake.shaded 

# Shade and send to back 
else 


One of the great things 
about wmctrl is that it isn’t 
window-manager-specific. 

wmctrl -r 'Quake Term' -b add,shaded 
wmctrl -r 'Quake Term' -b add,below 
touch /tmp/.quake.shaded 
fi 

I simply bind Super-' to run the above script, and then I can 
toggle my terminal up and down with a quick key sequence. 

Quake terminals are handy, but you can do much more 
powerful things with wmctrl. One of the most handy scripts 
I've created with wmctrl solves a problem I've had when I 
chat in IRC and browse the Web at the same time—it's a 
pain to resize both windows so you can see both, just to 
resize them back when you are done chatting or browsing, 
wmctrl lets you resize and move windows, provided you 
know how to describe the new window location and geom¬ 
etry. With this in mind, I've created a script that toggles 
between two states: normal mode and chat mode. In chat 
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In chat mode, my IRC window shrinks 
and moves so that it sits in a narrow 
strip at the top of the screen, and my 
Web browser resizes to be shorter so I 
can see both windows at the same time. 


the y coordinate to 0 instead of 96. I've found 
that in some window managers, the geometry 
the window manager reports to wmctrl is different 
from reality. Basically, you need to do a little trial 
and error and tweak the coordinates so that every¬ 
thing lines up just right. Once you are satisfied with 
your respective wmctrl commands, you can throw 
them in a script very similar to the one I used above 
for the Quake terminal: 


mode, my IRC window shrinks and moves so that 
it sits in a narrow strip at the top of the screen, 
and my Web browser resizes to be shorter so I 
can see both windows at the same time. Then, I 
can run the script again, and the windows move 
back to their normal locations. 

To create the script, first arrange your two 
windows (in my example, one with "Irssi Term" 
in the title and one with "Firefox" in the title) 
how you normally want them, and then run a 
special wmctrl command to list all the windows 
on your desktop along with their geometry and 
size information: 

greenfly@minimus:~$ wmctrl -1G 


0x00e00031 

-1 

0 

48 

1280 

768 

minimus Desktop 

0x01200003 

-1 

-130 

100 

62 

367 

minimus gkrellm 

0x00800029 

-1 

0 

0 

1280 

24 

minimus Top Expanded Edge Panel 

0x00800003 

-1 

0 

1524 

1280 

25 

minimus Bottom Expanded Edge Panel 

0x01000172 

0 

6 

96 

1040 

708 

minimus greenfly.org - Mozilla Firefox 

0x0201c24f 

0 

-2552 

96 

642 

410 

minimus Eterm Main 1 

0x02000021 

0 

-2552 

96 

642 

410 

minimus Eterm Main 1 

0x020000ba 

0 

938 

96 

810 

500 

minimus Irssi Term 


In this output, the -G option adds four extra 
columns in the middle. These columns represent the 
x-offset, y-offset, width and height, respectively. So, 
in the case of Firefox, the x-offset is 6, the y-offset 
is 96, the width is 1040, and the height is 708. Jot 
down these values for the two windows you want 
to script, and then resize and move them to reflect 
your "chat mode". Next, run the command again 
and jot down the new values. 

wmctrl provides the -e argument that allows 
you to modify the position and size of a window. 
The argument actually takes five integer values in 
a row—g,x,y,w,h—where g is the gravity of the 
window (usually put 0 here), x and y are the x 
and y coordinates for the top-left corner of the 
window, and w and h are the width and height, 
respectively. So, if I had moved my Firefox terminal 
and wanted to move it back to the above coordinates, 
I would run the following: 

wmctrl -r Firefox -e '0,6,0,1040,708' 

If you look carefully, you might notice I changed 


#!/bin/sh 

# Change to normal mode 

if [ -f /tmp/.irssi.halfshaded ]; then 

wmctrl -r 'Irssi Term' -e '0,469,0,810,500' 
wmctrl -r Firefox -e '0,3,0,1040,708' 
rm /tmp/.irssi.half shaded 

# Change to chat mode 
else 

wmctrl -r Firefox -e '0,3,223,1210,535' 
wmctrl -r 'Irssi Term' -e '0,0,0,1214,160' 
touch /tmp/.irssi.halfshaded 
fi 

I noticed that with the current window manager 
(Compiz), when I ran this command, some bug— 
either in wmctrl or, more likely, in the window man¬ 
ager—caused Firefox to move from my second 
desktop to my current desktop. If this happens to 
you, there's a simple fix. Simply add the following 
line above the if statement in the script: 

wmctrl -o 1281,0 

wmctrl has commands both for shifting to 
different desktops and also to different viewports. 
Because Compiz often uses multiple viewports 
instead of desktops, the above command moves me 
to the second viewport (my desktops are 1280x768, 
so 1281,0 corresponds to the top corner of my 
second viewport). 

wmctrl has a lot of power. I recommend looking 
at its man page and reading about the large num¬ 
ber of available options. The real power in wmctrl, 
however, lies in your ability to imagine new and 
interesting ways to script window manager actions. 
My next project is to create a "reset" script that 
moves all the windows on all my desktops to 
precise locations and sizes, in case they all are 
moved around and resized. Sure, I could do all 
that by hand, but then I'd miss this great oppor¬ 
tunity for automation. ■ 


Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and 
the author of a number of books, including Knoppix Hacks and Ubuntu Hacks for 
O’Reilly Media. He is currently the president of the North Bay Linux Users’ Group. 
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Computer Professionals' 

Union Karapatan-Monitor 

Here's some irony for you. On one hand, Google stifles human rights by censoring Google China for the 
authoritarian Chinese regime. At the same time, Google Code hosts an antidote, a new human-rights moni¬ 
toring program, called Karapatan-Monitor. Created and maintained by the Computer Professionals' Union in 
the Philippines, the open-source Karapatan-Monitor records incidents of human-rights violations and allows 
for classification of violations, perpetrators and victim status. Specific victim updates (for example, court cases 
and file attachments) also can be recorded. Now, the question remains, "Dear Google, can those who need Karapatan-Monitor 
most, such as our Chinese brothers and sisters, even access it?" 
www.cp-union.org 

Avinti's NEWT Free Malware Security Service 

The battle of good vs. evil continues, with the good guys adding a sharp new arrow to 
the quiver: Avinti's NEWT Free Malware Security Service. Fresh out of beta, NEWT 
(Neutralize E-mail and Web Threats) is a freeware plugin filter for Sendmail, Postfix and 
(soon) Exim that addresses blended threat attacks. Avinti reported an average of 750 
new threat e-mail messages per day in late 2007. The company emphasizes that 
"blended threats are an increasingly popular way for hackers to bypass traditional e-mail 
security" by sending URLs hosted on botnet-infected computers. In addition, "some of the malware also is on legitimate sites that 
have been injected with a cross-site scripting hack, making detection and blocking by Web filters difficult." NEWT can block, tag 
or quarantine e-mail messages containing such threats. NEWT is available for free download from Avinti's Web site. 
www.avinti.com/newt 

WaveMaker's Visual Assembly Studio 
& Rapid Deployment Framework 

WaveMaker has declared Visual Assembly Studio & Rapid Deployment Framework, 
a new team of products for developing Web applications, as "Web Fast and CIO 
Safe". (Do you breathe fire, as well, dear CIO?) Visual Assembly Studio provides 
departmental developers with a visual environment to create scalable, data-driven 
Web applications without complex code or portal frameworks. Meanwhile, Visual 
Assembly Studio enables the drag-and-drop assembly of Web applications using 
Ajax widgets, Web services and databases. WaveMaker claims a 67% decrease in 
development time and a 98% reduction in lines of code written vis-a-vis .NET. Both 
products are built on open source and open standards. Visual Assembly Studio is 
free, and the Rapid Deployment Framework is available under commercial license. 
www.wavemaker.com 





VMware's ESX Server in SAP Production Environments 



VMware, Inc., and SAP AG recently announced a partnership whereby 
SAP's 64-bit enterprise applications and business solutions (such as ERP, Bl, 
CRM, SCM and so on) for Linux and Windows will run on VMware's ESX 
Server. Already-certified hardware includes servers from Dell, Fujitsu- 
Siemens, HP, IBM and Sun. Both firms will collaborate on support services 
and problem resolution arising from the partnership. The companies state 
that the partnership will "combine the powerful process management 
capabilities of SAP solutions with the robust data-center management and 
cost-saving features of VMware infrastructure." The results are projected 
to provide improved management of IT resources, reduced downtime, 
reduced server sprawl and quick-and-easy server provisioning. 
www.vmware.com/SAP 
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NEW PRODUCTS 


Edward L. Haletky's VMware ESX Server 
in the Enterprise: Planning and Securing 
Virtualization Servers (Prentice-Hall) 

If you take advantage of the SAP-VMware deal (see page 40), here's a strategically placed 
impulse buy: Edward L. Haletky's VMware ESX Server in the Enterprise: Planning and Securing 
Virtualization Servers, published by Prentice-Hall. Author Haletky, an expert in large-scale ESX Server 
implementations, has gathered a practical, solutions-focused collection of information on the applica¬ 
tion—tips, best practices, field-tested solutions, issues, trade-offs and pitfalls. He also covers the entire 
life cycle, including planning, installation, system monitoring, tuning, clustering, security, disaster 
recovery and so on. Focusing on ESX v3.x, the book also illustrates differences with ESX v2.5. 
www.informit.com 

Vadym Gurevych's osCommerce Webmaster's 
Guide to Selling Online (Packt) 

Nowadays, finding a professionally produced guide to an open-source application is a snap, thanks in part 
to nimble book publishers like Packt Publishing. Packt just released Vadym Gurevych's osCommerce 
Webmaster's Guide to Selling Online, a guide to creating a successful osCommerce-based on-line busi¬ 
ness. osCommerce is an open-source e-commerce solution using PHP and MySQL that runs on a variety 
of platforms. This book focuses on fine-tuning an osCommerce-based site to maximize its effectiveness, 
such as increasing Google juice and improving shopping-cart design. Meanwhile, Packt offers a different 
book, Deep Inside osCommerce: The Cookbook, for the development side of the application. 
www.packtpub.com 

Sander van Vugt's Beginning Ubuntu Server 
Administration: From Novice to Professional 
(Apress) 

Do you think that Ubuntu Server will take over the Linux server space as it has the desktop? 
Apress has a new means for you to decide for yourself in Sander van Vugt's Beginning Ubuntu 
Server Administration: From Novice to Professional. Intended for system administrators who need 
to "land that crucial entry-level job", Beginning Ubuntu will help you securely install, update and 
deploy an Ubuntu server, focusing on practical information rather than theory. The book covers 
standard servers, the command line and remote management. 
www.apress.com 

OpenPeak's OpenFrame Devices 

In-home device convergence has long been the Holy Grail for many a company. Remember 
WebTV? (Stop giggling, please, we must proceed!) A new and compelling Grail-seeker is 
OpenPeak with its forthcoming OpenFrame line of devices. Although details remain sketchy 
pre-Consumer Electronics Show, we do know that the goal is to create a line of Linux-based 
devices that "revolutionize the home phone into a 'third screen', complementing the home's 
PC, TVs and mobile phones." These devices will utilize telephony, VoIP and Internet, thus i 
allowing users to access e-mail, voice mail, personal calendars and information, as well as “ 
leave memos for family members and make phone calls—all from one device. The good news 
for us is that OpenPeak is seeking outside developers to create applications for its software 
platform. All products will be available through OEM partners, the first of which is Verizon. 

www.openpeak.com 
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Administration 
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ASUS Eee PC 

An easy-to-love, ultraportable PC. jeshall 


The ASUS Eee PC is an extremely 
small, ultraportable notebook at the 
cheapest end of the market. At $399 
US, it's supremely affordable. The entire 
industry has been buzzing around it, 
with Asus claiming that it was America's 
most popular Christmas gift. 

When we arrived at the store to pick 
up our Eee to review, all the salespeople 
were busy. We looked near the lap¬ 
tops for it and couldn't see it— 
had the shipment been delayed? 

We finally snared a sales¬ 
person to ask about the Eee 
and were led to the small 
electronics cabinet. There, nes¬ 
tled among the compact cameras 
and iPods, was one of the smallest laptops 
we'd ever seen. Its box was also 
diminutive. Inside the box is the Eee, 
manuals, CD, charger, neoprene sleeve 
and the Eee's battery. We appreciated 
the inclusion of the sleeve—most 
notebook bag and case makers have 
nothing for a machine this small. 

First Impressions 

Asthetically, the Eee looks like exactly 
what it is—a miniature laptop. Ours 
came in pearl white. It drew comments 



and 

admiring 

glances everywhere 
we took it—for both its 
extremely small size and smooth 
styling. The only aspect that mars its 
appearance is a large screen bezel. We 
feel the Eee would be vastly improved 
cosmetically if the screen filled even half 
that bezel. But, that's a minor issue in 
an otherwise very attractive notebook. 
The Eee has a nice touchpad, 
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Figure 1. Web browsing shows how cramped the Eee screen is. 


although a 
little small. 
There is a single¬ 
width button that 
will execute a right-click 
if you press down on the 
right-hand side. We found this a little 
difficult to get used to, as it was hard to 
tell without looking exactly where you 
were about to click. The touchpad will 
scroll if one traces a finger down the far 
right—an extremely small target we 
found difficult to hit reliably. We've read 
a lot of reviews that seem displeased 
with the keyboard, and frankly, we just 
can't see why. The keyboard has an 
excellent feel to it, although again, it is 
extremely small. It took less than an 
hour to get used to touch-typing on it 
at quite a reasonable speed. 

The screen is LED-backlit, making it 
extremely bright. Unfortunately, that's the 
only kind thing we can say about it. The 
contrast and colour is dreadful, and 
although the screen is a reasonable DPI, 
the resolution is just not high enough for 
Web browsing. Most sites these days are 
optimised for at least a 1024x768 resolu¬ 
tion, and having a screen only 800 pixels 
wide made us scroll sideways fairly often 
to see whole pages. 

The speakers are surprisingly good. 
Sure, the sound isn't studio-quality, but 
the volume can be maxed out without 
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distortion, and the clarity is acceptable. 
With good headphones, sound is even 
better, although it did have a slightly 
muddy quality. The headphone socket 
is extremely clean with no discernible 
hiss even at high volumes. The internal 
microphone is adequate for voice chat, 
and plugging in a headset with an 
external microphone works exactly as 
you'd expect. 

Connectivity is excellent with 10/100 
Ethernet, 802.11 b/g wireless and three 
USB ports. There's also an SD card slot 
on the left-hand side, and the card sits 
flush with the side of the laptop. It sup¬ 
ports SDHC cards, which is a very viable 
option for expanding the onboard storage. 
There's also a VGA-out port that displays 
up to 1280x1024 on an external display 
with excellent acceleration. This feature 
alone makes the Eee far more worthwhile 
for serious use, as the mediocre inter¬ 
nal display becomes an acceptable 
compromise—having a tiny device to 
carry around, but a reasonable screen 
resolution while at home. 

Software 

ASUS's customised "easy" interface is 
built on Xandros and consists of a 
tabbed desktop application launcher 
and the IceWM window manager and 
panel. The interface is slick and well 
optimised for the low screen resolution. 
A home key on the keyboard where the 
Windows key usually is minimises all 
applications and reveals the program 
launcher. It's pretty clear ASUS antici¬ 
pates that most people will be running 


applications maximised. The launcher 
tabs are divided into Internet, Work, 
Learn, Play, Settings and Favourites. 

The Internet tab includes launchers 
for Firefox, Skype and the Pidgin 
instant-messaging client, as well as 
some shortcuts for loading Firefox with 
a preconfigured page to access services, 
such as Wikipedia, various Webmail 
providers and Internet radio. The version 
of Skype installed does not support 
video chat, which we feel to be a fairly 
glaring omission for a device with a 
built-in Webcam. 

The Work applications include 
Thunderbird for e-mail, KDE's Kontact 
suite for PIM and Adobe's Linux Acrobat 
Reader software. OpenOffice.org ver¬ 
sion 2.0 is available, and it performs 
surprisingly well given Eee's limited 
resources. One feature that isn't 
immediately apparent, but mentioned in 
the manual, is that a terminal can be 
accessed with the keybinding Ctrl-Alt-T. 
SSH and rdesktop are two applications 
that can be accessed this way for those 
who are terminal-savvy. 

KDE's edutainment suite is well 
represented under the Learn tab with 
science-, language- and math-related 
educational tools from the project 
included. Tux Typing, Tux Math and 
Tux Paint complete the selection. 

With the addition of on-line learning 
facilities, we feel the Eee would make 
an excellent educational aid. 

The Play tab includes quite a few 
subcategories for various types of 
media. A basic image viewer 


Specifications 

■ 4GB solid-state Flash disk 

■ 512MB, 400MHz DDR2 memory 

■ 900MHz Intel Celeron Mobile 

■ Intel 945GM Graphics 

■ Atheros 802.11 b/g wireless 

■ 9 11 screen at 800x480 resolution 

■ Three USB 2.0 ports 

■ Kensington lock slot 

■ SD/MMC reader 

■ VGA out 

■ 10/100 Ethernet 

■ Headphone and microphone jacks 

■ 640x480 Webcam 

■ Customised Xandros OS 

■ IceWM, with ASUS enhancements 


(Gwenview) is included, as well as an 
excellent MPlayer front end capable of 
viewing most multimedia formats. We 
found that getting high-quality, full¬ 
screen, highly compressed media 
content was quite the struggle, but 
with a bit of practice, we're sure we 
can encode some video files that the 
Eee will play well. DVD content off 
an external drive plays reasonably. 

We were very pleased to see some 
of our favourite procrastination-enablers 
under the Games tab. Frozen Bubble is 
insanely addictive, and Crack Attack 
looks like it will be second on the list of 
"Reasons This Review Will Almost 
Certainly Be Late". Penguin Racer a nd 
Potato Guy are old-fashioned favourites, 
and Solitaire, Sudoku and a Tetris clone 
round out the selection. 

The Settings tab allows for minimum 
configurability—here are options for 
setting up printers, configuring the 
touchpad and checking for updates, 
among others. We eagerly looked 



Figure 2. ASUS "Easy” Interface 
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Figure 3. Kontact’s excellent PIM suite is a little squished. 



Figure 4. How can a game this simple be so insanely addictive? 


through the personalisation dialog 
but were disappointed to see it did 
not allow us to change the theme to 
one that does not attempt to model 
Microsoft Windows XP's much-hated 
style. The tool to enable an external 
display is simple and straightforward— 
something we certainly haven't found 
on other Linux desktops. 

The Favourites tab lets us create 
launchers to our favourite applications, 
although there was no way of creat¬ 
ing a launcher to an application that 
wasn't already on another tab. The 
option to create a custom launcher 
would be appreciated. 


The first thing we tried was con¬ 
necting to various wireless networks, 
using a USB GSM modem. For some 
unknown reason, there actually are 
two networking tools installed on the 
Eee: one that can scan and connect to 
wireless networks, and one that han¬ 
dles all other connections and saved 
profiles for wireless networks. It took 
quite a few connections where we had 
to enter the key in every single time 
before we discovered the second tool, 
with the key saved. It seems utterly 
needless to have two separate tools 
for this when the various Network 
Manager front ends are an excellent 


We were blown away 
by how easy it was 
to configure a USB 
3G modem—the 
connection wizard 
did almost all of the 
work for us, and we 
were on-line within 
five minutes. 

example of an all-in-one tool that's 
painless to use. Hopefully, ASUS will 
merge these tools in a later release. 

We were blown away by how easy it 
was to configure a USB 3G modem—the 
connection wizard did almost all of the 
work for us, and we were on-line within 
five minutes. Powering the modem seems 
to reduce the battery life to about two 
and a half hours, but we still were 
impressed that the laptop and modem 
are less than 1 kg to carry around. Battery 
life in general is a bit of a sore point. The 
Eee gets a little more than three hours in 
our testing, if it's on wireless, and we feel 
this just isn't really enough for an ultra¬ 
portable. That said, the power adapter for 
the Eee is quite small; it looks a bit like an 
oversized cell-phone charger. Carrying the 
charger to top up the Eee whenever you 
happen to see a power point really doesn't 
add much weight or bulk. 

Although we appreciate that the 
Eee could include only so much for the 
price, it would have been nice to see 
Bluetooth support and a larger screen. 

At the end of the day though, every 
time we thought of a way the Eee could 
be improved, we kept coming back to 
the price—$399. The cheapest ultra¬ 
portable from other vendors is closer to 
$1,200, and those aren't as small or 
totable as the Eee. It's no wonder that 
the Eee is taking off so quickly and 
developing such a following. Out of the 
box, it's a compelling little appliance. 

Most of the Eee's downsides are elimi¬ 
nated when you see how the machine 
can be customized. With some custom 
packages and a full Linux desktop, the Eee 
is a formidable tool for the intermediate 
Linux user. In my opinion, the Eee is five 
minutes away from being a great backup 
writing and open-source development 
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Figure 5. Networking Tools 


tool. Install Subversion, add a USB HSDPA 
modem, and I'd have an extremely 
portable, very cheap and rugged tool for 
basic hacking tasks and for writing arti¬ 


cles—most of this article was written on 
the Eee, sitting in various cafes around 
Wellington. With a USB-to-serial adapter 
and the addition of minicom, it would be 


a great tool to take into server rooms to 
aid me in my day job as a sleep-deprived 
systems administrator. It's been my con¬ 
stant companion for the past few weeks— 
coming with me to places I wouldn't dare 
to risk my far-more-expensive and delicate 
Sony Vaio. Throw it in a backpack or even 
a large handbag, and it's ready and wait¬ 
ing. I'd far rather risk spilling beer on it 
at a pub hackfest, getting knocked 
around in my carry-on luggage or being 
taken to conferences where I have an 
absolute gift for having computers 
stolen. Although $399 isn't cheap 
enough to make it disposable, it's far 
more so than something costing $2,000. 

Next month, I'll take you through vari¬ 
ous ways the Eee can be hacked to unlock 
the full power of the Linux it's running 
underneath, and I'll also take a look at 
trying different Linux distributions on \t.m 


Jes Hall is a Linux Technical Specialist and KDE developer from 
New Zealand. She’s passionate about helping open-source 
software bring life-changing information and tools to those 
who would otherwise not have them. 




For details : 

http://www.embeddedlinuxconference.com/ 

Lh Linux J-orum JdSS WV I bJrd Un«\ Bedve-io:\ uk y Wdb, UsA- 


Embedded 


Come and join us! 


Conference (ELC) 2008 


ELC is the mein event where developers from around the world who work on 
open source software for embedded systems can get together and meet with 
open source community people. Through a variety of sessions, BoFs, tutorials, 
technical showcases and evening activities, we will exchange knowledge of 
open source software technologies, to learn, share, and overcome the 
problems we all face using Linux. Come join us and be inspired by technical 
ideas on the evolution of Linux and related software, and at the same time 
connect with your counterparts in this industry. 


A. the Computer History Museum (Mountain 

From ApriH5th to 17th 


Currently in its fifth year, ELC is the longest-running international conference dedicated specifically to using Linux in embedded devices and products. 
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SOFTWARE 


IBM's Unfinished 
Symphony 

When Lotus Symphony faces the music, the question 
becomes, "Do we really need another proprietary office 
suite based on OpenOffice.org?” bruce byfield 


Talking about IBM Lotus Symphony in 

any meaningful way is impossible without 
constant references to OpenOffice.org. 
Consisting of three applications—the self- 
explanatory Documents, Presentations and 
Spreadsheets—Symphony is not only a 
proprietary rival to OpenOffice.org in the 
cross-platform office space, but also is 
based on OpenOffice.org code, a move 
made possible by OpenOffice.org's release 
under the GNU Lesser General Public 
License. Under these circumstances, com¬ 
paring the two applications is by far the 
quickest and most accurate way to explore 
Symphony's general features and interface, 
as well as what new features it adds to the 
codebase and what it leaves out. 

To say the least, the result is mixed. 

Specifically, Symphony is the 
OpenOffice.org 1.14 code dropped 
into an Eclipse framework, without any 
attempt to include the various add-ons 
available for the original. The version 
choice has the advantage of ensuring 
that Symphony is based on a mature 
codebase, and the reliance on Java 
sidesteps the need to bring developers 
up to speed on every intricacy of 
OpenOffice.org's notoriously cryptic code. 

However, these choices also extract a 
price. For one thing, version 1.14 is 
two years old and missing many of the 
improvements in the 2.x releases. These 
include such features as version 2.3's 
new chart system, the ability to use 
movie and sound clips in presentations, 
and the expansion and improvement of 
the on-line help. All that Symphony 
seems to have borrowed from later 
releases is the enhanced drawing toolbar. 

As for any add-ons, forget them. 
Symphony does not even include 
ExtendedPDF, which gives users 
expanded control over exports to PDF. 
Although Symphony does allow exports 
to PDF, the feature is basic compared to 


the one offered in the latest versions of 
OpenOffice.org in most distributions, 
which install ExtendedPDF by default. 

Similarly, although reliance on Java 
may speed development—IBM boasts 
that the current beta 2 was developed 
in less than two months—it does not 
make for compact apps without 
careful coordination of development. 
Symphony's installation size is huge— 
683MB compared to less than 200MB 
for recent versions of OpenOffice.org, 
even though it does not include 
versions of OpenOffice.org's drawing, 
database and equation editors. 
Symphony's start-up speed is slow 
too, taking at least twice as long as the 
latest versions of OpenOffice.org using 
the same equipment. Although these 
figures may improve in later releases, they 
seem unlikely to match OpenOffice.org's 
any time soon. 

The Interface 

Despite improvements during the last 
two years, including a change from bat¬ 
tleship gray to beige, OpenOffice.org's 
interface has never been an example of 
beauty. It tends to be ramshackle, never 
sure if it should borrow from MS Office 
and other proprietary apps or develop 
its own design. Nor has any attempt 
been made to enforce design standards, 
which means that new features, such as 
the dictionary and font installers, follow 
a logic of their own. If there ever was a 
program that demanded an interface 
redesign, it was OpenOffice.org. 

And, at first glance, Symphony pro¬ 
vides that redesign. Its selection of blues 
with the occasional orange highlight 
may be chosen mainly for IBM branding, 
but the overall effect is much more uni¬ 
fied and pleasant to the eye than any¬ 
thing OpenOffice.org has managed to 
offer so far. However, this unity is mainly 


on the surface. Open a dialog box, and 
you are back with OpenOffice.org's 
familiar, starkly functional designs. 

In much the same way. Symphony 
attempts to edit and rearrange 
OpenOffice.org's menus. Because many 
OpenOffice.org features are omitted 
(see below), Symphony can hardly help 
but have shorter menus, making them 
easier to use. In fact, Symphony even 
has the space to make some features 
more prominent, dragging the Direct 
Cursor out of Tools^Options to place it 
in the Edit menu, or to make page 
numbering a top-level item rather than 
hiding it among Insert^Fields to the 
puzzlement of new users. Such changes 
can only increase ease of use. 

Too often though, the changes seem 
arbitrary. Replacing Format Cells with 
Text and Cell Properties in Spreadsheets 
does nothing for clarity, any more than 
replacing the Format menu with Layout 
or the Insert menu with Create does. 
And, is there any reason for labeling 
spreadsheets with letters instead of 
OpenOffice.org's numbers? 

The same mixture of usefulness and 
arbitrariness occurs with the positioning 
of items. Moving the Options item from 
the Tools menu to the File menu (where 
it is called Preferences) seems sensible, 
because the File menu is where you 
expect to find basic setup settings. 
But, why shift page setup from 
Format/Layout to the File menu? The 
fact that MS Word used to do so hardly 
seems reason enough. 

A more concrete improvement is 
Symphony's borrowing of a Web brows¬ 
er format, opening on a useless Home 
page and opening new documents by 
default in tabs in the same window. 
From there, a document can be opened 
in a separate window via a right-click. 
This arrangement is enhanced further 
by a thumbnail view of documents in 
the Window menu, which can be set to 
view only a specific type of document. 

However, the addition of a docked 
Properties window on the right side 
of the editing window is less useful. 
This window displays elements that 
are selectable from the menu in 
OpenOffice.org, showing Text and 
Paragraph settings in Documents, 

Page settings in Presentations and cell 
settings in Spreadsheets. Anyone 
familiar with OpenOffice.org might 
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wonder not only about the advisability 
of another floating window to add to 
the Navigator, Styles and Formatting, 
Gallery and Data Sources (although 
Symphony eliminates Data Sources), 
but also why the Properties window is 
so important that it is the only float¬ 
ing window that can be docked on 
the right side of the editing window. 

Even more important, the effect of 
showing the Properties window by 
default is to encourage manual format¬ 
ting at the expense of styles. Particularly 
in the word processor, this emphasis is 
equivalent to teaching someone to make 
hand signals when learning to drive and 
not bothering to mention the signal light. 
More than any other office suite, 
OpenOffice.org relies on styles, with sev¬ 
eral features, such as tables of contents 
and outlines, being much more difficult 
to use if you rely on manual formatting. 

Perhaps the Properties window is in 
response to OpenOffice.org users who 
do not want to be forced into using 
styles (as though styles were anything 
except a time-saver for them), but its 
prominence suggests that Symphony's 
designers do not understand the logic 
of the program they are mutating. If 
you are using the code the way it was 
intended to be used, the Properties 
floating window is an irrelevance. 

Missing Features 

To those familiar with OpenOffice.org, 
one of the distinguishing characteristics 
of Symphony is how many features 
have been ripped out. In all the applica¬ 
tions, the list is a long one. 

To start with, many features for 
interoperability are missing. For 
instance, unlike in OpenOffice.org, in 
Symphony you cannot store data for 
use in other documents, embed one 
document in another or export a list 
of headers in the word processor to 
create the slides in a presentation. 

In Documents, the list of the missing 
continues. All wizards are gone, as well 
as any capacity to create labels, business 
cards or anything else that requires a 
mail merge. No Autotext, bibliographies, 
hyphenation, thesaurus, outline number¬ 
ing, autoformats for tables or master 
documents are available. Neither are 
many types of fields, including ones for 
hidden paragraphs or text, input lists, 
document information or user data. 

Presentations and Spreadsheets are 


somewhat less devastated. Still, 
Presentations lacks the initial wizard or 
any sound support, and Spreadsheets 
lacks the ability to split or freeze win¬ 
dows to improve the viewing of long 
documents or to autoformat selected 
cells. Flowever, in Presentations, you 
might think that more is missing than 
really is the case, because many items 
are concealed in main and right-click 
menus, and combo boxes for things 
such as slide transitions list only a half- 
dozen items at a time and require click¬ 
ing Other to see other selections. 

In none of the three programs can 
you edit keyboard shortcuts or cus¬ 
tomize menus and toolbars. You still can 
run macros, but without these customiz¬ 
ing features, they are less accessible. 
Instead of assigning them to keystrokes 
or adding them to the toolbar, you have 
to drill down through several levels of 
menus in order to use them. 

What is left is enough for most users 
in undemanding circumstances. Still, the 
logic behind what is omitted is obscure. 
Although the tendency is to exclude any¬ 
thing that requires instruction to learn or 
increases users' ability to customize, per¬ 
haps the true reason is to trim the hard 
drive requirements as much as possible. 

New Features and Old 

Against these omissions. Symphony 
boasts only a handful of innovations. 
The single window for opening applica¬ 
tions includes a Web browser accessible 
from the New button, but this hardly 
seems the time to introduce one. 
OpenOffice.org dropped its Web brows¬ 
er when its code was first released, and 
the integration of applications on 
GNU/Linux desktops is strong enough 
that nobody has missed it since. 

Otherwise, new features—as 
opposed to ones made more prominent 
by repositioning—are surprisingly few in 
Symphony's applications. Aside from the 
single window with search and thumb¬ 
nail features, probably the main addi¬ 
tion is the Freehand Table feature it bor¬ 
rows from MS Office. And this feature, 
although showy, is slow and impractical 
compared to choosing the number of 
rows and columns by dragging the 
mouse over a grid. 

However, Presentations does include 
one legacy feature that longtime 
OpenOffice.org users might still be pin¬ 
ing for: the arrangement of slides in 


tabs. This arrangement is more eco¬ 
nomical with space than the slide pane 
that replaced it in OpenOffice.org's 
Impress, allowing much more room to 
display the currently active slide. But, 
this feature is hardly enough to attract 
users by itself. 

A Lack of Purpose 

How Lotus Symphony fits into IBM's 
corporate strategy is anybody's guess. 
Perhaps it is a matter of corporate 
pride, an attempt to revive a product 
line that was a contender in the office 
application market more than a decade 
ago? A desire to support open stan¬ 
dards by releasing programs that sup¬ 
port the Open Document format? 

If the intent is to undermine MS 
Office's dominance on the desktop, as 
some have alleged, then as an under¬ 
featured, proprietary application, 
Symphony seems to have poor odds for 
success. So far, at least, there is not 
even any evidence that Symphony will 
integrate with Lotus Notes to offer the 
combination of office applications and 
calendaring that OpenOffice.org lacks. 
IBM would strike a greater strategic 
blow if it contributed directly to the lat¬ 
est version of OpenOffice.org instead of 
focusing on what seems a quixotic and 
halfhearted project at best. 

That, in the end, is why Symphony 
disappoints. As a project, OpenOffice.org 
badly needs some fresh ideas. Its interface 
probably needs redesigning from the 
ground up, both in terms of names and 
positioning of features. Some features 
deserve to be more prominent, while 
some may be no longer relevant or 
require radical redesign. Symphony 
attempts all these things, but with no 
clear vision and only halfheartedly. 

In the end, all Symphony offers is a 
version of OpenOffice.org stripped to 
the basics and suitable mainly for those 
who won't take the time to learn to 
use office applications properly. Such an 
outcome is disappointing for those who 
would like to see OpenOffice.org 
undertake some basic improvements, 
and not nearly sufficient to justify 
Symphony's independent existences 


Bruce Byfield is a freelance journalist who covers free software 
for Datamation, Linux.com and Linux Journal. He also does 
e-learning course design and marketing and communication 
consulting. Away from the computer, he enjoys excessive 
exercise, hanging out with parrots, listening to punk-folk 
music and reading any history books he can get his hands on. 
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Domo Arigato Mr 
Androidato—An Introduction 
to the New Google Mobile 
Linux Framework, Android 


All your phones, are belong to Google—a brief overview of Android, the new software 
stack created by Google for the Open Handset Alliance, adam m. dutko 


The Open Handset Alliance (OHA) is 
an industry trade group comprising 
more than 30 technology and mobile 
companies. The focus of the OHA is to 
accelerate innovation in the mobile 
application and hardware space and to 
provide consumers with a more compre¬ 
hensive and inexpensive mobile device 
experience. Android is a new, mobile 
application development framework 
developed by Google for the OHA that 
represents part of a greater promise 
from OHA members to make the open 
platform an industry success. 

Along Came an Android 

In addition to announcing its intent to bid 
on the C Block of the 700MHz wireless 
spectrum recently, Google continues to 
lead the charge to ensure that the FCC 
mandates the spectrum be open for all 
mobile devices and all operating systems. 
These two points are partly why the 
Android announcement is so important. 
Imagine using your phone as you do now, 
but with the option to modify it like you 
do your desktop computer. With Android, 
you will be able to tweak a subset of soft¬ 
ware on your phone to your liking—more 
so than merely changing the background, 
selecting a ring tone or downloading 
carrier-sanctioned software. If this idea 
becomes a reality, it might herald the 
beginning of a new era of personal 
computing and possibly even foster the 
creation of a new generation of small 
mobile phone companies and soft¬ 
ware vendors. Without waxing too 
philosophically on the benefits of an 
open spectrum, open devices, open 
software and open access, let's get to 
the meat of the problem, or shall we 
say, the logic of the Android. 


The Meat 

The key features of the Android Software 
Development Kit (SDK) include an appli¬ 
cation framework, a memory-optimized 
runtime environment named Dalvik (so 
called because of one of the main engi¬ 
neer's affinity for the Icelandic town), an 
integrated browser based on WebKit, a 
custom 2-D graphics library, a 3-D graph¬ 
ics library based on OpenGL ES 1.0, struc¬ 
tured data storage through SQLite, 
support for a variety of media formats 
(MPEG-4, H.264, MP3, AAC, AMR, JPG, 
PNG and GIF), and hardware-dependent 
support for a multitude of components 
(GSM, Bluetooth, EDGE, 3G, Wi-Fi, 



Figure 1. Browsing the Linux Journal Web site 
using the WebKit-based browser on the 
Android emulator. This particular screenshot 
highlights the built-in zoom feature that enables 
you to see a full-size view of a Web site. 


camera, GPS, compass and accelerometer). 
All of this functionality is accessible 
through the Eclipse IDE or on its own 
through the user's own Java environment. 
The platform also includes an emulator, 
debugging utilities, memory and perfor¬ 
mance profiling tools, and the source 
code for a set of example programs. 

So Many Layers, So Little Time 

The Android framework consists of 
four layers, as shown in Figure 3. At 
the top of the stack is the aptly named 
Applications layer, so called because it is 
where finished applications are assem¬ 
bled and situated in the framework. The 
second is the Application Framework 
layer, where the building blocks of each 
application are created using the under¬ 
lying system libraries and associated 
application code. Next comes the Library 
and Runtime layer where core system 
libraries, Google Java libraries and the 
Dalvik virtual machine reside. The fourth 
and final layer is the Kernel layer, where 
Linux (version 2.6.x) communicates with 
the underlying hardware. 

Application Layer 

The Android operating system is a multi¬ 
process system, wherein system and 
application processes run within their 
own ID space. Security between applica¬ 
tions and the system is maintained at the 
process level using standard Linux facili¬ 
ties, such as Discretionary Access Controls 
(DACs). When an application is installed, 
it is given a unique user ID on the system 
for the duration of its installation lifetime. 
This unique user ID affords the application 
a dedicated and protected execution 
stack within the Android system. 

The default behavior of an Android 
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Figure 2. Using the built-in Maps feature to 
find my hometown in Ohio. The maps feature 
works similarly to the one found on the 
Internet—first providing a world view, then 
allowing you to pick a particular region and 
keep zooming until you reach the magnifica¬ 
tion limit or are satisfied with what you see. 


application is to operate within its own 
container on objects it owns. In other 
words, Android applications have no per¬ 
mission to perform operations that might 
adversely impact the user experience or 
associated data. This behavior can be 
modified in two ways: 1) the program¬ 
mer can explicitly share application space 
with another application, or 2) the pro¬ 
grammer can explicitly share application 
components with other applications and 
the system. These exceptions are made 
through the application manifest file. 

The manifest file, AndroidManifest.xml, 
is a file required in every application, and 
it resides in the root of the application 
folder. It not only provides a means for 
defining the security characteristics of 
your application, but it also provides an 
outline of your application in the form of 
exposed application components known 
as activities, intents, receivers, services 
and providers. More information on the 
manifest file is available on the Android 
Web site (see Resources). 

Application Framework Layer 

Designed with reuse in mind, this layer 
enables programmers to piece together 
five types of components to create the 
basic building blocks of an application: 


Applications 
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Figure 3. Hierarchical View of the Android Framework 


1. Views 

2. Content Providers 

3. Resource Managers 

4. Notification Managers 

5. Activity Managers 

The first component, Views, represents 
the most basic piece of a user interface. 
Each view is responsible for managing the 
layout and events associated with the 
screen area it represents. Views can be 
grouped together to form Viewgroups 
and arranged into a hierarchical tree, with 
other views and Viewgroups. This tree 
forms a user interface for a particular 
application activity, such as entering a new 
contact into a contact book or adding a 
note to your diary. 

The next component is the Content 
Provider. Content Providers enable a 
programmer to define a resource from 
which to pull or push data using a 
Content Universal Resource Indicator 
(ContentURI) wrapper and a Universal 
Resource Indicator (URI). Each ContentURI 
wraps around a unique type of data, such 
as contacts, settings and call logs, and 
provides helper methods for accessing 
associated data referenced through a URI. 
Programmers are free to dictate how they 
want to store, retrieve and modify publicly 


shared application data, but they must 
create the provider with a repeatable way 
to query and return data. 

To accomplish this requirement, each 
URI must contain at least three compo¬ 
nents: the standard prefix of content://, 
the data authority and the data path to 
the content provider. An additional com¬ 
ponent can be added to the URI if the 
programmer wants to request a specific 
piece of data by unique ID, but the fourth 
component is only necessary when the 
application programmer is faced with 
having to know the exact ID of a record. 
When put together, a typical URI might 
look like content://contacts/people/42. 

You also can use a URI to return 
a whole set of records. For instance, 
if you wanted to return the complete 
set of contacts, you would use 
content://contacts/people. Quite useful, 
no? But, what happens when you want 
to look up Ford in your contact book 
and can't remember the ID of the 
corresponding record? Android provides 
helper classes for each type of ContentURI 
for this exact situation, enabling users 
to find data provided by a particular 
Content Provider easily. The exact 
details on how to create, use and modify 
Content Providers, and how to use 
more-advanced concepts, like managed 
cursors, are explained in more detail on 
the Android Web site. 

The next component is the Resource 
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Table 1. How the Android Framework Compares to Existing Mobile Frameworks 



Android 

Motodev 

Maemo 

OpenMoko 

Qtopia 

License(s) 

Apache2 (mirrored 

GPLv2.0/LGPL components) 

GPLv2.0 

(kernel)/proprietary 

Many free and 
open-source licenses 

GPLv2.0/LGPLv2.1 

GPLv2.0 

(Community Edition) 

Company 

OFI A/Google 

Motorola 

Nokia 

FIC/OE 

Trolltech 

SDK (price) 

Eclipse plugin or 
standalone (free) 

Eclipse plugin 
(Community Edition, free) 

VistaMax or Laika (some 
parts require a device) 

OpenEmbedded 

(free) 

Qt Tools (Community 

Edition, free) 

Sign-up Required 

No 

Yes 

Depends (OS requires 
valid device ID) 

No 

Yes (Community 

Edition, free) 

Primary Ul 

Java 

Qt 

GTK+ 

GTK+ 

Qt 

Primary Application 
Language(s) 

Java (underlying 
libraries C/C++) 

Java ME/C++ 

Languages with 

GTK+ bindings 

Languages with 

GTK+ bindings 

Languages with 

Qt bindings 

Preferred Simulator 

Android emulator 

MotoDev emulator/ 

Java ME emulator 

QEMU 

QEMU (and others) 

Greenphone emulator 
(QEMU) 

Primary Devices 

Unknown (probably 

OHA devices) 

Most Motorola 
mobile devices 

Nokia N Series 
(and others) 

Neo1973 

Neo1973 (Greenphone 
discontinued) 

Licensing 

Free (some services 
cost extra) 

Free (some services 
cost extra) 

Free (device required 
for some OS bits) 

Free 

Free (noncommercial 
only) 


Manager. Resource Managers provide a 
way to work with application-associated 
files that do not contain code, such as 
icons, layouts and files associated with 
application internationalization and 
localization. Because all resource files 
are compiled into the binary at build 
time by the Android build system, 
Resource Managers are sensitive to 
where files are located in the source 
tree. To make build errors related to 
misplaced external files easier to avoid, 
all Android projects created through the 
Eclipse plugin contain a resource 
directory named res at the root of the 
application source tree. The resource 
directory contains subfolders for spe¬ 
cific types of data, which the compiler 
searches and verifies application code 
against at build time. The exact details 
on dealing with Resource Managers 
are quite complex, and the specifica¬ 
tions for dealing with Localization and 
Internationalization are not yet com¬ 
plete, so if you would like to know 
more, please follow the link provided 
in the Resources for this article. 

The next component is the Notification 
Manager. Notification Managers provide 
developers with the ability to alert users 
to events occurring on their devices. 
Some examples include displaying a 
view in the form of a notification 


window when an e-mail arrives, alerting 
users to incoming calls by flashing the 
back light, or maybe even nagging users 
with a loud Britney Spears ring tone 
when the battery is running low. These 
are all typical examples of how you 
might use a Notification Manager in an 
Android application. The exact details 
on how to implement a Notification 
Manager also are located on the 
Android Web site (see Resources). 

The final component of the 
Application Framework layer is the 
Activity Manager. Activity Managers are 
arguably the most important part of any 
application running in the Android frame¬ 
work. Activities are defined as user-per¬ 
formed atomic tasks that, when initiated 
by the user, elicit new behavior from the 
application. Such behavior might create a 
new view, retrieve data from a content 
provider or access underlying hardware to 
make a phone call. Such tasks are the 
foundation on which applications are 
built in the Android framework. Activity 
Managers are the components responsi¬ 
ble for maintaining the navigation stack 
within an application and performing var¬ 
ious housekeeping tasks based upon 
available resources and the particular 
state of an activity. In general, Activity 
Managers try to keep processes related to 
activities around for as long as possible, 


but at times, they might be forced to free 
up resources by terminating particular 
activities. More information about imple¬ 
menting Activity Managers is available on 
the Android Web site (see Resources). 

Library and Runtime Layer 

The third layer in the Android frame¬ 
work consists of a set of shared C/C++ 
libraries, core Java libraries and the 
Dalvik virtual machine. The current set 
of libraries available in the Android SDK 
includes a BSD-derived implementation 
of libc optimized for embedded Linux 
devices, media libraries based on 
PacketVideo's OpenCORE, a display 
subsystem and 2-D/3-D management 
library called surface manager, 
LibWebCore, the SGL 2-D graphics 
engine, 3-D libraries associated with the 
OpenGL ES 1.0 API, FreeType and SQLite. 

In addition to these libraries are 
the assorted core Google Java libraries. 
Some people have questioned the 
Android implementation of Java as 
proprietary, although others claim 
the implementation is a necessity for 
Google to optimize the Android frame¬ 
work. The important thing to remember 
is that the Google Java libraries provide 
only a subset of what the Sun Java 
libraries provide. The remaining portion 
of this layer is Dalvik. Dalvik is a memo- 
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ry-optimized Java Virtual Machine (JVM) 
created by Google to run optimized 
.dex bytecode. In addition to the 
Google Java libraries, Dalvik and the 
associated bytecode compiler dx remain 
a potential source of contention in the 
Free and Open-Source Software world. 
Google claims the source will be avail¬ 
able soon, but remains mum about why 
it decided not to pursue these changes 
through Sun's open-source Java efforts. 

Kernel Layer 

The layer closest to the physical hard¬ 
ware in the Android framework is the 
Linux kernel. Android is scheduled to 
ship with version 2.6.x, and it will rely 
on Linux to manage a variety of ser¬ 
vices, such as security, memory manage¬ 
ment, process management, networking 
and drivers for a variety of devices. 

The Android Eclipse 

If you are interested in working with the 
Android SDK, you can do so through 
Eclipse or through other development 
environments or IDEs. If you want to 
use the Eclipse IDE, you need to have 
version 3.2 or 3.3 installed, along with 
the Eclipse JDT Plugin, as well as version 
5 or 6 of the Java Development Kit 
(JDK). You also may want to install the 
Android Development Tools (ADT) 

Plugin through the Software Updates 



Figure 4. The default menu for Android shown 
through the emulator. You can navigate the 
menu by clicking the buttons with your 
mouse or selecting them with your keypad. 


menu using the following link: 
https://dl-ssl.google.com/android/ 
eclipse. The ADT Plugin automates a lot 
of what you would have to do manually 
in order to develop Android applica¬ 
tions, and it is recommended if you are 
new to Java development or if you are 
generally lazy like most programmers. 

After you are done setting up your 
environment, you need to add the most 
important piece, the Android SDK. You 
can find the most recent version of the 
SDK at code.google.com/android/ 
download.html. After downloading the 
SDK, it is recommended you verify the 
md5 checksum before unzipping the con¬ 
tents. Once you have verified the contents, 
you then need to unzip the contents to a 
location of your choice and add the cor¬ 
responding path to the Android menu 
within your Eclipse preferences menu. 

If you do not want to use Eclipse, you 
still need JDK 5 or 6 and Apache Ant 
1.6.5 or later, in addition to the Android 
SDK. I leave it up to you to perform the 
necessary steps associated with sourcing 
the SDK components into the proper 
path if you choose not to use Eclipse. If 
you run into problems, it is important to 
note that the GNU compiler for Java 
(GCJ) is not supported, and that if you 
have JDK 1.4 installed, you will not be 
able to use the Android framework. If 
you have questions about installing the 
Android SDK and/or configuring your 
environment, more in-depth information 
is available on the Android Web site. 

Robotic Memories 

One of the best things about the Android 
SDK is how easy it is to get up and run¬ 
ning. Using my existing Eclipse Europa 
environment, I was able to start work on 
my first application only a few minutes 
after downloading all of the components. 


It literally took me a few mouse clicks and 
keystrokes to get the equivalent of a 
"Hello, world!" application running in the 
Android emulator, and only a few more 
minutes to get a Notepad application run¬ 
ning. The next best thing about Android is 
that it is completely focused on application 
development and not on peripheral 
requirements, such as kernel compilation 
and installation. If you want to be com¬ 
pletely focused on mobile Java application 
development, Android might be the 
mobile Linux framework for you. In short, 
Google has painstakingly taken the time to 
provide a great abstraction layer for devel¬ 
oping mobile Linux applications, and it has 
provided a path to existing Java application 
programmers to create Google-enabled 
and OHA-supported applications. 

Despite all these wonderful things, I 
must confess that I still felt slightly unsatis¬ 
fied with Android. On the one hand, I was 
very happy to be able to start working on 
application development so quickly, but on 
the other hand, I felt like, that's it? Maybe 
it's because I was working with the beta 
version of the SDK and not all of the com¬ 
ponents have been released yet, but for 
some reason, I felt more like a kid snap¬ 
ping Legos together than a developer cre¬ 
ating an application stack on which to run 
my new application. So, if you are like me 
and want control over your entire stack, 

I still recommend sticking with a more 
transparent and flexible approach like the 
OpenMoko framework. Just remember, 
that like all other free and open-source 
software projects, the choice is yours.H 


Adam M. Dutko is a Lead Web Designer for a small family- 
owned business located in Kent. Ohio. He maintains the mrxvt 
and astyle packages for Fedora, brews beer and works on 
Wireless Sensor Networks at the Cleveland State University 
Software Engineering Lab. He currently lives in Lakewood. 
Ohio, with his wonderful wife. Gretchen. You can read more 
about him at littlehat.homelinux.org ; 8000 . 
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Android: code.google.com/android 

Android SDK: code.google.com/android/download.html 

Open Handset Alliance: www.openhandsetalliance.com 

A Java Developers Thoughts on Dalvik: www.oreillynet.com/onjava/blog/2007/ 
11/dalvik_googles_tweaked_nonstan.html 

Eclipse: www.eclipse.org 
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Desktop 

Must-Haves 

This article is an introductory piece to get you thinking 
about the Linux Desktop and all it can do. 

DAN SAWYER 


S o, you’ve been playing around with Linux for a 
few years now—running a file server here, a 
firewall there—but you’re finally getting around 
to migrating your desktop away from Windows. 
After all, it’s either Linux or Vista, and you don’t fancy 
your whole system being locked down with badly imple¬ 
mented DRM or crippled by system requirements. 
Because when must a mere operating system need 15GB 
of hard drive space, 512 MB of RAM and a 1GHz CPU 
just to boot up? 

Moving from Windows-land isn’t merely a matter of 
changing the operating system. Unless you’re keen on 
setting up Crossover Office and moving all the compati¬ 


ble applications across (a problematic enterprise), you’re 
going to have to learn a few new programs that do the 
same jobs on which you depend. But, before you learn 
those programs, you need to know what they are. 

Based on a thoroughly informal and unscientific sur¬ 
vey of those who tolerate me best, I’ve drawn up a list of 
the things most people do or need access to on their 
computers every day. It turns out that most people, at 
least in my demented little corner of the universe, still use 
their computers for a fairly narrow range of tasks—cer¬ 
tainly more tasks than ten years ago, but not many more. 
Those tasks fall broadly into four categories: Office, 
Graphics, Internet and Entertainment. 
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Figure 1. OpenOffice.org Writer 


OFFICE 

Believe it or not, even though it's not 
how people spend most of their com¬ 
puter time, office software is the corner 
of the computer market of which peo¬ 
ple are most aware. And, why wouldn't 
they be? Office software is what we use 
to manage finances and priorities, cre¬ 
ate presentations, keep schedules and 
write letters, papers, diaries and books. 

Of course, what you're going to 
need on your desktop usually is not the 
same as what you'd need on a work 
machine. Nevertheless, being a small- 
business owner, I tend to pick my soft¬ 
ware with an eye toward openness of 
data, migratability, interoperability and 
room for growth. In other words, I want 
to be able to get at my data from a 
number of programs, not only the one 
with which I created it. I want to be 
able to migrate painlessly to another 
software package should my require¬ 
ments grow or change enough that I 
need to change my applications of 
choice. I want the programs I use to be 
able to talk to each other and to other 
programs out in the broader world. For 
example, if I write a short story and 
send it to a friend to proofread and 
mark up, I want her to be able to read 
what I send, and I want to be able to 
read her annotations in red text when 
she sends it back. I also want my soft¬ 
ware to be able to do more than I need 
right now, because if my needs grow, 
it's less bothersome to learn a new 
aspect of an existing program than to 
bring in a support application to supple¬ 
ment it or to migrate to a whole new 
backbone. Because I have to deal with 
this stuff every day, I tend to take it into 
account when recommending software. 

So, to start off with our office 
software, it's best to kill four (well, 
three and a half) birds with one 
stone. Most people need to write 
and edit documents, track numeric 
data on a spreadsheet and create 
Power Point-style presentations for work, 
church or underground revolutionary 
cult meetings (you know, like Linux user 
groups). Sometimes, people also might 
want to create a database in an 
Access-style graphical environment 
to keep tabs on cult membership or 
lists of evangelism projects. 

Evaluating office software in Linux, 
when coming from Windows, can be 
quite dizzying. With KOffice, GNOME 


Office, OpenOffice.org and a whole raft 
of word processors and spreadsheets, 
it's easy to become overwhelmed. 

But, for my money, the 
OpenOffice.org suite stands head and 
shoulders above the rest. It reads and 
writes more formats better, and it's less 
crash-prone and more versatile than 
most of the alternatives (KWord from 
the KOffice suite being a notable excep¬ 
tion, as it can double as a layout pro¬ 
gram in a pinch). OpenOffice.org is 
more resource-hungry though—its only 
major drawback. High-end spreadsheet 
users who require complicated scripted 
math also may want to check out 
Gnumeric (from GNOME Office) to 
supplement their office software, as 
its functions are more powerful. 

Aside from the traditional office 
suite, good bookkeeping software prob¬ 
ably is the single-most basic function 
people require of their computers when 
the computers are employed as tools. 
Let's face it, of all the sticking points 
for Windows-to-Linux migration, this 
ranks right up there with "my games 
won't run" and "I can't do without 
Photoshop" as one of the biggest 
complaints. Nobody wants to give up 
Quicken, and less than nobody wants to 
re-enter years of checkbook, credit and 
tax records from scratch. 

Two good candidates exist in this 
arena—good meaning, works well, 
reads and writes Quicken files painlessly 


and doesn't require special skills to set 
up and administer. Of the two options, 
KMyMoney and GnuCash, the former is 
better-suited for home finances and the 
latter is better-suited to small business. 
Both are easy to use and easy to set 
up, although I prefer GnuCash both 
for its accounts payable/receivable and 
invoicing capabilities, and for its exten¬ 
sive and far-above-par documentation. 

It also interfaces nicely with on-line 
banking standards. 

Although not something that 
generally is at the top of anyone's list, 
everyone needs a good PDF reader. 
Fortunately, not only is Adobe Acrobat 
Reader available for 32-bit Linux, but 
also two excellent PDF/PostScript view¬ 
ers are available in the open-source 
realm with very comparable feature 
sets: KPDF (bundled with KDE) and 
Evince (bundled with GNOME). Neither 
rises quite to the level of Acrobat 
Reader—support for locked e-books 
is missing, for example—but both 
have one key edge on Adobe's cur¬ 
rent offering. Because they're open 
source, they are available for 64-bit 
systems as well as 32-bit systems, 
without having to mess with goofy 
workarounds and wrappers. 

Time and communications manage¬ 
ment are the final stone in our office 
software rampart. Again, the Open 
Source world provides an embarrassment 
of riches: Sunbird and Thunderbird from 
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FEATURE Desktop Must-Haves 




Figure 3. Evolution’s integrated calendar which interfaces tightly with the e-mail client, gives easy 
control over schedule keeping. 


Figure 2. Checking E-Mail with Evolution 


the Mozilla Project, Kontact (which 
includes KMail and comes bundled with 
KDE), Evolution, Pine, J-Pilot—the list 
seems endless. It's possible to lose entire 
weeks evaluating the finer points of 


each (and each has many fine points). 
However, most people need a good task 
manager, a good calender, a good 
e-mail client with great spam filtering, 
and a way for all of them to talk to 


each other while being fairly worm- 
impervious. Of all the above, only two 
packages put this all together: Kontact 
and Evolution. Kontact is more heavily 
integrated in KDE, and Evolution has 
good integration with GNOME. But 
on balance, Evolution is more spry, 
has a better interface design and is 
easier for the average end user to 
administer without sacrificing quality 
and sophistication. Kontact is well on 
its way to this point, as is the Mozilla 
Sunbird/Thunderbird combination, but 
neither has risen to Evolution's level yet. 
Evolution offers a further advantage to 
small business users in that it interfaces 
with popular groupware applications 
such as Outlook and WebDAV. Granted, 
most people don't need groupware, but 
they do need a way to keep track of 
what's going on in their lives, and 
Evolution does the job swimmingly. 

INTERNET 

Bar none, the one thing that people 
do most with their computers is live 
on-line. Web browsing, social networking, 
instant messaging and e-mail are the 
most vital ways the postmodern 
Webizen stays in touch with the rest of 
the world. We've already touched on 
e-mail. The other non-browser-centric 
way people keep in contact is via instant 
messaging. There are a number of IM 
clients on Linux; some of them are 
protocol-specific (such as Amsn, which 
also supports audio/video conferencing 
for the Microsoft Messenger Network), 
and some of them are universal. The 
best of breed for the universally com¬ 
patible ones is Pidgin. 

Once known as Gaim, but forced to 
change its name due to a trademark 
dispute, Pidgin is a multiprotocol 
instant-messenger client with tabbed 
message windows and an impressive 
array of plugins, including support for 
two very powerful encryption schemes 
to keep conversations private. The inter¬ 
face is simple, the program is easy to 
use, and it doesn't get in the way—all 
must-haves in an IM program. Pidgin 
doesn't support audio or video chat 
(few clients for Linux do), but all the 
other great peer-to-peer conference 
features to which users are accustomed 
are readily available. 

Of course, when talking about 
Internet software, one must discuss the 
granddaddy of all Net software, the 
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Figure 4. Pidgin sports a multiprotocol buddy list and a tabbed message interface to keep your 
chats well organized. 


Pidgin doesn’t support 
audio or video chat 
(few clients for Linux 
do), but all the other 
great peer-to-peer 
conference features 
to which users are 
accustomed are 
readily available. 


embedded Flash and JVM players, and 
give you good, intuitive privacy man¬ 
agement with a reasonable level of 
security, there is only one choice, 
Mozilla Firefox. 
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Figure 5. Firefox, the Best-of-Breed Browser 

Web browser. Although there are a lot 
of viable options for simple Web brows¬ 
ing, if you're looking for something that 


will give you tabbed browsing and RSS 
feeds, support Flash videos and games, 
let you watch audio and video in 


GRAPHICS 

A few years back, this wouldn't have 
been a relevant category, but between 
the ubiquity of digital cameras and the 
glut of presentation software, every¬ 
body needs a graphics package—two 
of them, actually: one to organize the 
photos (otherwise, how are you going 
to find that perfect shot among the 
thousands you rattle off each year?) 
and the other to edit them. 

Organizing photos is a tricky job, 
though it's one that people are a lot 
more familiar with in these days of Flickr 
than they were ten years ago, when the 
shoebox at the back of the closet over¬ 
flowed with pictures to sort and put in 
albums...someday. In the Mac world, 
everyone uses iPhoto. It's ubiquitous, it 
makes slideshows, and it does rudimen¬ 
tary adjustments in the program. On 
Windows, there's Picasa, which is 
focused more on printing than indexing. 
On Linux, there's F-Spot and digiKam. 
F-Spot is a rudimentary, but user-friendly, 
indexing system. digiKam, on the other 
hand, is far more sophisticated, with 
integrated color management, gallery 
creation, iPod interface, slideshow and 
calendar creation, and RAW format 
handling, all underneath a well-laid- 
out interface. In this game, it's the 
clear winner. 
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Figure 6. Browsing through Albums with digiKam 



Figure 7. Krita’s interface with photo loaded—notice the color management system is open by 
default in the upper right. 


For graphics editing, there isn't such 
a clear winner. The field is dominated by 
two very robust contenders: Krita and 
The GIMP. I published an in-depth article 
in the July 2007 issue of LJ reviewing 
Krita and its advantages over The GIMP. 
The philosophies of the two programs 
are very different, as are the interfaces. 
The GIMP has a broader user base at the 
moment and more available plugins, and 
Krita offers more professional color 


management and a broader array of 
basic editing tools. Currently, they're very 
different programs, and from the point 
of view of the lay user, a lot is going to 
boil down to personal taste in interface. 
Either will serve very well. 

ENTERTAINMENT 

Between Google video, podcasting, video 
podcasting, integrated DVD players 
and USB-powered...well, let's call them 



"personal exhilaration devices", the com¬ 
puter now is an entertainment center. 
Projects like MythTV let you literally build 
an entertainment appliance out of your 
PC, but even your desktop has to have a 
good multimedia backbone in it, or you 
might get frustrated and bored. We can't 
have that, now, can we? 

So, let's start with home videos. You 
shoot them, and then what? Are you 
really going to spend months of your 
twilight years rewatching ancient DV 
tapes in real time? Of course not. But, 
you can edit them and export them to 
DVD or YouTube to share with your 
family if you install Kino on your system. 
Small, fast, feature-loaded and stable, 
it's the Linux answer to Windows Movie 
Maker and iMovie. 

Of course, playing those movies 
you make and the DVDs already on 
your shelf, is another matter. You 
need a good, all-purpose media 
player. In Windows-land, you need 
QuickTime, RealPlayer, Windows 
Media Player, Flash Player and 
WinDVD to cover everything. In Linux, 
you need only one program, though 
you have a choice of three that are 
quite excellent: MPlayer, Xine and 
VLC. They all use FFmpeg as a back 
end, which is both highly robust and 
versatile. All three also can call upon 
Windows-native codecs to decode 
proprietary file formats. The choice 
between them primarily is one of 
taste. MPlayer can be run from the 
command line as well as with a GUI, 
it has a very stable Firefox plugin, 
and it contains an excellent set of 
command-line encoding and stream¬ 
ripping tools. Xine (and its front 
ends, like Kaffeine) tends to have the 
friendliest interface. VLC is equipped 
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Figure 9. Kaffeine plays a video. 


to broadcast Net streams as well as 
rip them and transcode them natively 
in the GUI. I personally keep all three 
around, but any one of them will do 
you well, depending on what you're 
looking for. In practice, you'll wind up 
using one for your viewing pleasure. 

You'll also need a podcatcher and 
media library organizer and player 
similar to iTunes. In this field, Amarok 
stands alone. It also allows you to 
select the back-end engine you prefer 
(GStreamer, Xine and so on) and will 
play pretty much any audio format 
under the sun. It includes integrated id3 
tag editing, a very intuitive database 
index, a MusicBrains store interface and 
lots of fun little extras for dealing with 
iPods and other portable media devices. 

Finally, you're going to need something 
to burn all the CD compilations, DVDs 
from videos you've edited, and backups of 
your data. The best and most fully featured 
solution you can get for this is K3b. It sup¬ 
ports data CDs and DVDs to a variety of 
formats and standards, rewritable media, 
video CDs and DVDs, burning from a 
variety of ISO types, and even self-booting 
media CDs and DVDs with micro-operating 
systems (eMovix discs). 

WRAP-UP 

The good news about Desktop Linux 
isn't merely limited to the fact that you 
can do everything—or nearly everything— 


Dan Sawyer is the founder of ArtisticWhispers Productions 
(www.artisticwhispers.com), a small audio/video studio in the 
San Francisco Bay Area. He has been an enthusiastic advocate 
for free and open-source software since the late 1990s, 
when he founded the Blenderwars filmmaking community 
(www.blenderwars.com). He currently is the host of “The 
Polyschizmatic Reprobates Hour”, a cultural commentary 
podcast, and “Sculpting God”, a science-fiction anthology pod¬ 
cast. Author contact information is available at www.jdsawyer.net. 


on Linux that you need to do on a 
desktop system. The really good news 
is that most of these programs— 
Pidgin, OpenOffice.org, Evolution, 
MPlayer, THE GIMP, Firefox, GnuCash 
and VLC—work on Windows, so you 


can ease yourself into the Linux/Open 
Source world in stages. 

Is this the Year of the Desktop for 
Linux? That's something history will decide, 
if it even cares. But, one thing is without 
doubt: Desktop Linux has arrived. ■ 



Figure 10. Kaffeine’s playlist building interface, with a file browser on the left, a preview window 
under it, and the playlist on the right. Kaffeine is a Xine front-end. 



Figure 11. Amarok is the ultimate podcatcher/portable media player/sync manager/music library 


manager/player. 
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BEHIND THE 

LOW-END 
LINUX BOX 


THAT 

SOLD OUT 

AT WAL-MART 


Dave Liu of gOS and the $199 gPC. 


DOC SEARLS 


In June 1996, PC Week ran a piece 
titled "Andreessen Eyes Internet OS". 
Marc Andreessen was famously the 
prime author of the Mosaic and 
Netscape browsers, and a cofounder of 
Netscape as well. The money quote 
from that piece was, "The only differ¬ 
ence technically between Netscape's 
Navigator browser and a traditional 
operating system is that Navigator will 
not include device drivers." 

Needless to say, this and other 
remarks along the same lines did not 
please Microsoft. A great deal of history 
followed, including the "browser wars", 
the sale of Netscape to AOL, the federal 
lawsuit against Microsoft, the dot-com 
crash, Y2K and much more. Forgotten 
in the shuffle was Marc's original 


ambition, which was to establish the 
browser as a platform, and in the 
process, to commoditize operating 
systems to the "bags of device 
drivers" they had long been called. 

Now it's 2008, and Google is busy 
treating the browser as a platform and 
is generally agnostic toward operating 
systems. (Its own services are mostly 
deployed on Linux-based systems, but 
its applications are either browser-based 
or made to run on multiple platforms. 
Google Earth is the ideal example. 
Picasa is not.) 

But, the browser is mostly where 
Google likes to run user-side apps as 
Web services. In fact, Google now 
provides most or all of your basic desk¬ 
top application suite—mail, office 


(documents, spreadsheets, presentations), 
calendar and instant messaging—inside 
your browser. It's up to the user which 
bag of device drivers runs between 
browser and iron. May the best bag win. 

Thus, it was perhaps inevitable 
that somebody would come along 
and make a bare-bones—or bare- 
browser—box that's optimized to run 
Google's browser-based apps on the 
best-commoditized platform, fulfilling 
the Andreessen Prophesy. 

That somebody is Dave Liu, the 
21-year-old CEO of Good OS LLC. The 
company's main product is gOS, an 
Ubuntu-based distro tweaked to run 
Web apps as if they were desktop ones. 
gOS might have been Yet Another Linux 
Distro had it not made news last 
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FEATURE Behind the Low-End Linux Box that Sold Out at Wal-Mart 


November when the $199 Everex gPC 7 
running gOS, sold out in two days 
at WalMart.com. 

Though the price is low-end, the 
gPC doesn't hurt for features. Here 
are the hardware specs, according to 
Everex: "1.5GHz, VIA C7-D Processor, 
512MB DDRII 533MHz, SDRAM, 80GB 
HD Drive, DVD-ROM/CD-RW Optical 
Drive, VIA UniChrome Pro IGP Graphics, 
Realtek 6-Channel Audio, (1) 10/100 
Ethernet Port, (1) DB 15-Pin VGA Port, 
(6) USB 2.0 Ports, (1) RJ-11 Port, 

(1) Headphone/Line-Out Port, (2) 
Microphone/Line-ln Ports, (1) Serial 
Port, (1) Parallel Port, (1) Keyboard, 

(1) Mouse, (1) Set of Amplified 
Stereo Speakers". 

Could this be the long-awaited start¬ 
ing point for Linux in the mass market? 
We thought it would be fun to catch up 
with Dave Liu in the midst of the buzz 
that followed the news. Here's the 
dialogue that followed. 

Doc: So, what possessed you to create 
yet another Linux distribution? 

DL: I'm actually fairly new to open 
source. Most of my work and studies 
at UCLA had been centered on Web 
2.0. I saw a lot of great Web 2.0 
applications that weren't taken seriously. 
You had to be the type of person to 
read TechCrunch, Mashable or other 
Web 2.0 blogs just to know they existed. 
Like open source, I felt we were devel¬ 
oping Web 2.0 just for each other and 
not for the mainstream. 

When I met the Enlightenment and 
open-source folks, I realized how we 
needed to work together. Together, I 
envisioned taking Linux and Web 2.0 
mainstream. With Google backing both 
of these communities, I felt the best 
thing to do was to create a Linux distri¬ 
bution that made it easy for people to 
access Google and other Web 2.0 appli¬ 
cations. This was how our communities 
could converge and help each other 
affect the mainstream. 

We hope we will bring existing 
communities together, rather than sim¬ 
ply start a new one. In fact, shortly after 
I met Enlightenment, we recruited some 
of its core developers to form our entire 
developer team. 

Doc: Tell us more about Enlightenment. 
What does it do? 

DL: Enlightenment is an X Window 


System window manager. Like Compiz 
Fusion and other window managers, 
it's a graphical layer that sits on top of 
the Linux kernel. In the case of gOS, 
Enlightenment sits on top of a modified 
Ubuntu. Enlightenment was the ideal 
choice for gOS for a lot of reasons. 
Different from other window managers, 
Enlightenment enables gOS to run even 
better on the lowest-end hardware con¬ 
figurations. On the lowest-end hard¬ 
ware, the difference begins to show. 
That's where we see our advantage in 
today's market of expensive, high-end 
operating systems...Vista, Leopard. 
Enlightenment enables us to think about 
simplicity and affordability in a PC. 

“THERE REALLY IS A 
GROWING SUBSET OF 
PEOPLE IN THE OPEN 
SOURCE COMMUNITY 
WHO CARE ABOUT 
CONSUMERS-PEOPLE 
WHO WANT TO MAKE 
THE LINUX EXPERIENCE 
PALATABLE FOR 
AVERAGE JOES.” 


Doc: How about licensing? What 
are the licenses involved for gOS, 
for Enlightenment? 

DL: gOS is free for personal use and 
noncommercial distribution. Specifically, 
we're under the Creative Commons 
Attribution-Noncommercial-Share-Alike 
3.0 Unported license. The majority 
of software we've aggregated in gOS 
is under the GPL license—such as 
Enlightenment, Ubuntu, OpenOffice.org 
and other open-source software. 

Doc: Is Compiz in your plans for gOS? 

If so, how? 

DL: At the moment, we have no 
plans to use Compiz Fusion. We'd 
like to establish our difference with 
Enlightenment. With the next revision, 
we'd like to ask the community for even 
more support in helping us develop EFL 
(Enlightenment Foundation Libraries) 


applications that run in the Enlightenment 
environment. As of now, we're using 
a hybrid of EFL and non-EFL apps 
because our customers need a stable 
and full set of applications. For exam¬ 
ple, since we're launching gOS note¬ 
books in Q1, we decided we had to 
tentatively replace our EFL-based Wi-Fi 
manager Exalt with Network Manager, 
because we were still seeing some 
problems with Exalt. In the future 
revisions, we hope to shift to all 
EFL-based apps so as to complement 
and make full use of Enlightenment. 

Doc: Tell us about Faqly, and how 
you're going to interact with cus¬ 
tomers and users, as well as the dev 
communities. 

DL: Faqly is people-powered tech sup¬ 
port. It's a Web application that helps end 
users and developers help one another. 

It's been interesting to see our end users 
and developers interact and exchange 
tech support for user feedback. 

Doc: We've read that you're offering 
a full year of 24/7 support. Is that 
true? What is the support policy 
overall, and how does it differ from 
competing offerings? 

DL: It's true! Well, it's true for cus¬ 
tomers who purchase the Everex gPC. 
Wal-Mart requires PC companies to 
include toll-free tech support. Working 
with Everex and Wal-Mart enabled us to 
offer a full year of 24/7 toll-free sup¬ 
port. That Everex supports open source 
with a toll-free support number is quite 
different from most other OEMs and 
their Linux products. Dell, for example, 
provides no support on its Ubuntu 
notebook. Initially, someone will pay 
the bill for getting open source to the 
mainstream users; we're glad that a 
smaller PC company like Everex is 
willing to lead the way. 

Doc: Is this something for the low end, 
for the geeks or for geeks' moms? 

DL: It's all those things—an ideal alterna¬ 
tive, especially for a simple PC, something 
that works out of the box with the 
help of "the cloud" or Internet. We've 
also had a lot of people tell us they're 
excited about it, because they want to 
buy it for their moms or their dads, 
who don't need too much power and 
just want something simple, affordable 
and familiar. 
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Doc: But, it's still a Linux box, so the 
geek who's giving the gift can still ssh 
into it and help out if need be, right? 
DL: It's definitely hackable. It's also 
good for someone who knows how to 
do customizing in general, or to work 
as-is. And yes, you can wipe it clean 
and install Windows if you like, but why 
would anyone want to do that? The 
gPC, in terms of components, assembly 
and the software combination alone is 
quite a deal. 

The more important thing is where 
this is headed. I think we will soon see 
more companies invest their future in 
Web applications or "cloud comput¬ 
ing". What we're trying to do is jump 
the curve and help make a way for 
others to do the same. 

Doc: Where do you fit in the midst of 
these other distros? 

DL: I'd see our role as something like 
Kubuntu's has been. Derivative, but 
taking some new directions to be more 
consumer-friendly. 

Doc: What direction, for example? 

DL: There really is a growing subset of 
people in the Open Source community 
who care about consumers—people 
who want to make the Linux experience 
palatable for average Joes. That's a big 
shift. And, that's whom we're appealing 
to. We felt that Linux as a native OS 
project is a great platform, but it still 
hasn't gone that final step to really con¬ 
nect it to consumers and to differentiate 
it from everyone else in the consumer 
space. To do that, you really have to 
bring a consumer aspect, and we saw 
that in Web 2.0—in Google apps and 
YouTube. 

Doc: When you talk about Web 2.0 
apps, you mean ones that work in a 
browser as a kind of Web service? 

DL: Pretty much. We're basically talking 
about software that runs in a browser 
and is based on Linux. It's a paradigm 
shift away from the way you would typ¬ 
ically use software. Instead of compiling 
and selling it, and having it run in the 
system, you're running everything in the 
browser. And, there's a lot of Web 2.0 
software out there that hasn't gotten 
into the eyes of the public. 

Doc: Examples? 

DL: Even with the Google Docs— 


spreadsheet, calendar—we were sur¬ 
prised at how people either had never 
heard of these things or had never tried 
them. We were among the first to put 
all the Google applications into one 
coherent package. So people could real¬ 
ize, going from one icon to another, that 
Google and Web 2.0 really are their 
computer. Not only that, but by comput¬ 


ing in the cloud, users really are able to 
take their computer with them without 
taking their computer. As long as they 
can log on at a cafe or a friend's house, 
they have a computer of their own. 

Doc: You don't generally think of 
desktops as being things that live in a 
browser. Are you abstracting the apps 
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and their icons out of the browser and 
putting them on the desktop? 

DL: Yes. That's the idea. Users are 
accustomed to seeing applications in a 
dock or in a start menu. We want to 
stick with the easiest and most-familiar 
models for desktop computing, even if 
the programs are executed elsewhere. 

So yes, we're using a lot of Firefox 
shortcuts. From a tech view, it's a lot of 
browser shortcuts on a dock. All the 
main ones are in a dock, and a few 
more are in the start menu. 

Doc: How about for documents you 
want to keep on your own machine to 
work on when you're off-line? 
Calendars, for example. 

DL: We're still waiting for Gmail and 
Google Calendar to work off-line with 
Google Gears. In the meantime, we 
packaged off-line applications, such as 
OpenOffice.org, Mozilla Firefox and 
Thunderbird as well. 

Doc: So you can do POP mail if you like. 
DL: Exactly. 

Doc: Or presentations that people 
might create on-line and then save 
to give off-line on their machine or 
transport by thumbdrive to another 
machine. 

DL: Yes. Google has done a good job of 
balancing its products with open source. 
It just packaged OpenOffice.org into the 
Google Pack. With Google Gears, I 
think it's just a matter of time before we 
see every major Web application be 
capable of syncing and working off-line. 

Doc: Are you in touch with the Google 
people on this? 

DL: Yes. To be clear, the gOS is not the 
Google Operating System, although it is 
my idea of what one should be like. 

Even before we closed a hardware deal, 

I had used an obscure form on Google's 
Web site to apply for permission to use 
trademarks. I said, "Hey, we're an open- 
source OS project, and we want to make 
it easier for people to use Google apps, 
mind letting us use your icons and 
trademarks"? Two or three weeks later, 
we got a letter back, saying, "Yeah, go 
ahead, as long as you have a disclaimer 
saying this is not a Google product..." 

So we did it. We just didn't know we 
were going to get so much attention for 
it. When we started working with 


Everex, we found that it had its own 
standard toolbar deal with Google. Then 
Everex also showed Google a preview of 
our screenshots. In that sense, there was 
"approval" from Google, but no official 
endorsement. We have friends at Google 
and keep in touch with them on both 
the gPC and the gOS. 

Doc: The g in gOS stands for...? 

DL: The g stands for good. Our mission 
is to make a good OS. Good for every¬ 
one. For example, we knew Microsoft 
to be a big, mean Goliath to work with 
for OEMs. We wanted to make an OS 
that could be a good friend to both 
consumers and OEMs. 

Doc: What is your dev community like? 
Have you grown your own, in addition 
to the Enlightenment folks? 

DL: Our core dev team is about seven 
people. We've added one or two in the 
last month. Once we got in the news, 
people starting hearing about us, and 
we have developers coming in from 
different communities. Some Ubuntu 
developers are helping out too. So we 
have a nice, little community going and 
growing. It's still early and what we call 
"controlled chaos". We're still trying to 
create a good structure so people who 
want to help can get started easily. 

Doc: What's different about the 
community you see growing here? 

DL: I think the younger generation of 
developers will include more Mac fans 
or Mac types. They're a bit more aes¬ 
thetically inclined, more interested in 
the end-user experience. I see a future 
Open Source community that can take 
Linux further mainstream. Look at 
things like Compiz Fusion, Beryl—all 
that stuff. I had a chance to talk to 
Quinn Storm, the lead developer on 
Compiz and Beryl. She wanted people 
in the Linux community to make 
something end users could enjoy. 

After that conversation with her, I 
realized this was a growing community 
with a lot of promise. 

Doc: Well, from an easy-to-use Ul per¬ 
spective, Apple has left the low end open. 
Do you see Linux making a move there? 
DL: Yes. There are quite a few Linux 
themes that adopt some of the good 
things Apple has done on the UL One 
remark I'd like to make on the low 


end—I think Linux also got a fighting 
chance when Microsoft launched 
Windows Vista. Vista pretty much oblit¬ 
erated the low-end hardware experience 
for Windows. I've tried it, and it's a terrible 
experience. So, there's an opportunity at 
the low end in general, because Apple 
continues to be a luxury product and 
now, possibly to compete with Mac OS X, 
Microsoft vacated the low-end space as 
well. We're happy about that. 

Doc: So what are your ambitions here? 
How do you plan to grow? 

DL: We plan to expand our list of hard¬ 
ware partners in the US and abroad. 

One of our long-term ambitions is to be 
a real friend to OEMs and the hardware 
industry as a whole. We all know it's 
been tough to work with Microsoft, and 
we thought there was a business oppor¬ 
tunity to serve OEMs as a "Good OS" 
company. We'll always continue to 
improve gOS in terms of design and 
performance, and we'll also continue to 
package new Google and open-source 
software that we think are relevant to 
people buying a computer. We intend 
to keep gOS extremely lightweight, so 
as to keep the overall hardware costs 
down. With all this coming together, 
another one of our ambitions is to help 
close the digital divide with affordable 
computing. There are many people in 
the world, some even in the US, who 
don't have access to a computer and 
Internet. We think gOS needs to work 
with Google, Web 2.0, open source and 
others to tackle this important problem. 

Doc: How about laptops? Generic 
desktops are all the same. But laptops 
are all different, by design, through 
OEM partnerships with Microsoft. 
What are your plans there? 

DL: One of the things that will make 
our laptops viable is software that offers 
seamless syncing on-line and off. You 
are going to see gOS on laptops very 
soon, if not by the time you read this. 

Doc: Are you partnered with other 
hardware companies? 

DL: Right now, we're working with 
Everex, a single hardware partner, but 
the goal is to expand to working with 
other companies as well. As a software 
company, we really appreciate Everex 
and expect we'll be working with it 
exclusively in the short term since this 
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launch. We are talking to a few hard¬ 
ware companies and are growing 
our team so we can work with more 
hardware partners. 

Doc: I would think that Dell, Lenovo, 

HP and others would be looking at a 
Linux offering in the cost range that 
you're working in, at some point. Does 
that concern you? 

DL: I think Dell was one of the big 
brands to launch a product, which is 
good, but among the smaller PC com¬ 
panies, Everex is still one of the top 
companies. It sells at Best Buy, Circuit 
City and Wal-Mart, yet it's small enough 
to be motivated to experiment and take 
chances with a company like ours. The 
larger hardware companies, such as Dell 
and HP, have a lot at stake with Vista, 
and with the Microsoft relationship. It 
seems to us that a company like Everex 
is less locked-down that way. So, we 
see companies like Everex taking the 
first steps that need to be made to take 
Linux mainstream. 

Doc: You were just in China. What 
were you working on there? 

DL: I went to an O'Reilly Foo Camp—a 
gathering of techies. 

Doc: What was your takeaway from the 
Foo Camp there? 

DL: We talked about Web 2.0 and open 
source in China. Things are exciting 
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Enlightenment: 
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because we're seeing the same kind of 
Web 2.0 and Linux projects successfully 
launch in China. It's exciting because 
China is in the very early stages. Only 
a small minority of its population is 
on-line, and that is already more than 
110 million people. I think it's the 
second-largest on-line population to the 
US. There are huge opportunities there 
with Linux and cloud computing. 

Doc: People have been waiting for this 
segment to open up for a long time, 
and I'm not just talking about the low 
end of the PC marketplace. I'm talking 
about the browser as the environment 
for all kinds of applications. Because, 
this is exactly what Netscape talked 
about doing way back in 1995. One 
of the reasons Microsoft came after 
Netscape was because Netscape had 
the audacity to say the real desktop on 
the Net will be the browser. 

DL: The Netscape folks were super- 
advanced thinkers. I think it's going to be 
really exciting to see things unfold here. 

A lot of people have been saying Web 
2.0 is a bubble, but I don't think so. 


Doc: I've said it's what we're going to 
call the next crash. 

DL: Yeah, I think it definitely would be 
without cooperation from hardware. 

But, what if hardware cooperates? It 
always takes hardware some time to 
catch up to software. Hardware compa¬ 
nies soon will need to give Web 2.0 a 
serious look. 

Doc: What's the next big thing? 

DL: I think it's Linux finally rising up, 
up into the cloud with Google and 
Web 2.0. Then, a lot of these startups 
that we laughed at will find them¬ 
selves front and center for what's 
next in computing. 

Addendum 

As this goes to press, the gOS-powered 
gPC sells at Newegg.com, Wal-Mart 
stores and ZaReason.com, in addition 
to WalMart.com.H 


Doc Searls is Senior Editor of Linux Journal. He is also a 
Visiting Scholar at the University of California at Santa Barbara 
and a Fellow with the Berkman Center for Internet and Society 
at Harvard University. 
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KDE 4, first announced two years ago, is 
the next step for the popular UNIX desktop 
environment. With the shift to a new major 
version of the toolkit used to build KDE, 
developers are able to break free of 
requirements for compatibility and make 
radical changes to the codebase. 

KDE 4 PREVIEW 

Introducing KDE 4—the desktop 
revolution is coming, jeshall 
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Qt 4 

Qt 4 is a library for building user interfaces in C++. It provides most of the 
graphical elements of KDE applications. 

Qt 4 heralds vastly better memory efficiency and a new painting system that is 
able to leverage new advances in X.org for previously unseen levels of eye 
candy. It also provides, for the first time, a GPL’d version of the library on 
Apple’s OS X and Microsoft’s Windows, making porting KDE applications to 
other platforms a possibility. 


Plasma 

The default desktop infrastructure, well 
remembered as operating on similar 
lines since KDE 2, is being completely 
redesigned. The new desktop shell, 
Plasma, promises to re-invent the 
desktop paradigm. Headed by Aaron 
Siego, Plasma's team of developers has 
been working on a complete replace¬ 
ment for the previous infrastructure of 
the KDE panel and desktop, and the 
results are breathtaking. 

Plasma incorporates most of what is 
seen on screen at first login. It is a flexi¬ 
ble, fully scalable and rotatable desktop 
shell with the ability to embed mini¬ 
applications and media as applets or 
widgets known as plasmoids. The 
concept of applets is not a new one 
to desktop design, but Plasma brings 
a few innovations to the table. 

Plasma divorces the data engine 
from the presentation, allowing devel¬ 
opers to write a data engine once and 
then present this in an arbitrary number 
of ways in an applet. For example, once 


an engine to extract system perfor¬ 
mance state has been written, multiple 
plasmoids can present this information 
in different ways. A desktop plasmoid 
might have a large, detail-rich display, 
but the same data displayed on the 
panel might recognise its spatial 
constraints and display a simpler view. 

Native Plasma applets can be imple¬ 
mented as containments, which are 
simply applets that can contain another 
applet. The panel is a containment, as 
is the desktop itself, and an applet con¬ 
tained within the panel can be dragged 
to the desktop or another panel, and 
vice versa, reforming and reflowing 


itself to fit its physical constraints. 

This flexibility opens up, among 
other possibilities, the ability for scalable 
displays to enable a content-rich desktop 
on a PC or a display that's more suited 
to low-screen resolutions on an 
embedded device. KDE 4.1 plans to 
support OS X dashboard widgets, 
hinging on new features in a release 
of WebKit scheduled for early 2008. 

Oxygen 

Oxygen is the name chosen for the cohe¬ 
sive look and feel for the new KDE 
desktop. As well as creating beauty, the 
Oxygen team of artists is working with 



Figure 1. Plasma, Showing Some of the Included Plasmoids 
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user interface guidelines to ensure that 
identification of elements is a priority. 

The result is a clean break from the previ¬ 
ous KDE style, obviously inspired in part 
by already-existing artwork, but bringing 
it together with something fresh that is 
distinctly Oxygen's own. Oxygen also 
incorporates the system sound package, 
combining with the rest of the artwork 
to create something that is uniquely KDE. 

With a team of three core icon 
designers, Oxygen relies on a set of 
strict style guidelines and an official 
colour palette to ensure a consistent 
result. The colours chosen are rich with¬ 
out being overpowering, and the icon 
design is modern and appealing. 

An advantage of the new Oxygen 
icon theme is that it will be the first 
truly open KDE icon theme. The previ¬ 
ous default for the long-running KDE 3 
series, Crystal, never had its sources 
made available. The Oxygen team has 
been working exclusively in SVG, 
ensuring the set remains open. 

The Oxygen style and window deco¬ 
ration is a large-scale departure from the 
Plastik style that became default in the 
late 3.x series. The muted pale gray and 
blue colours have made way for a brilliant 
off-white for both window decoration 
and controls. Green, orange and blue 
highlights are used sparingly with pleas¬ 
ing effect. The result looks extremely 
clean and modern, although such a large 
departure no doubt will draw some 
criticism. A wide range of colour schemes 
are available to suit almost every taste. 

One minor concern about the new 
style is how much screen real estate it 
seems to use. We looked at KDE 4 on a 
Lenovo ThinkPad at 1400x1050 pixels, 
which seemed adequate for the task 
but by no means overgenerous. People 
still using 1024x768 or lower resolutions 
may struggle with the defaults. 

A new wallpaper set has been collated, 
with the Oxygen artists acting as judges 
to select community submissions. The 
team chose 15 wallpapers, and the results 
are breathtaking. This kind of community 
involvement is unquestionably one 
of the strengths of the open-source 
development model. 

Unfortunately, we were unable to 
preview the Oxygen sound theme prop¬ 
erly—at the time of this writing, KDE 4 
had not yet been released, and some¬ 
thing about our sound card was causing 
the KDE sound system, Phonon, to crash. 


§&E f 

audio-card, png audio-heads... audio-in put-... audio-in put-... 



battery, png camera-phot... camera-web... computer-la... 



computer, png cpu.png drive-harddi... drive-optical... 



drive-remot... drive-remov... drive-remov... drive-remov... 


Figure 2. The Oxygen Icon Set 



Figure 3. Oxygen uses bold highlights with low-contrast widgets to achieve a clean and modern look. 



Figure 4. A Small Selection of the KDE 4 Default Wallpapers 
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Solid 

Another core KDE 4 technology is the 
introduction of Solid. Solid is a library for 
hardware discovery, network and power 
management. It's an attempt to deal 
better with the ever-changing devices 
and connections of portable systems in 
our increasingly wireless world. Solid will 
integrate with popular frameworks, such 
as freedesktop.org's HAL and Novell's 
Network Manager, to leverage their 
features on supported platforms. 

Solid implements graceful handling 
of off-line/on-line state for applications 
that use it. A Solid-aware e-mail client 
would, for example, know that you 
were off-line and not attempt to 
connect to your mail server if you opened 
it to check an older e-mail message or 
look up a contact while off-line. 

Solid also includes a command-line 
utility called solidshell to manipulate its 
API for scripting purposes. 

Phonon 

Phonon is a sound framework that was 


Figure 5. Phonon Settings Dialog 

created to supply a stable and consis¬ 
tent API for KDE applications. It's capa¬ 
ble of using a variety of engines as its 
back end and can switch between those 
engines on the fly. Phonon integrates 
closely with Solid to maintain awareness 


of sound-capable hardware attached to 
the system. It's capable of per-application 
volume settings, grouped by category, 
and also is able to route different cate¬ 
gories through different devices—for 
example, selecting to deliver a VoIP 
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conversation only through the headset 
and leaving the other system sounds to 
play through the sound card. 

Phonon is written to be cross-platform, 
needing only a platform-specific engine as 
a back end to it. Along with the Xine 
back end that the KDE Project developed, 
the maker of Qt (Trolltech) has released 
Phonon back ends for GStreamer 
(Linux), DirectShow (Windows) and 
Core Audio/QuickTime (OS X) to be 
developed in KDE's source repository. 
Trolltech has stated its intention to include 
Phonon itself in Qt from version 4.4. 

This is excellent news for the future 
of Phonon, signaling significant amounts 
of funded development time, as Trolltech 
will be maintaining the engines and 
contributing to Phonon. 

KDE has long had a policy of leaving 
hardware support to the distribution. 
Although KDE 3.x has very basic sup¬ 
port for removable storage devices with 
support for freedesktop.org's hardware 
abstraction layer, HAL, in the 3.5 series, 
many KDE installations have less than 
stellar hardware management due to 
the limitations of the distribution imple¬ 
mentation. Whether it's correct or not, 
to many users, the desktop is the com¬ 
puter and their expectation is that it 
should handle their hardware well. 

Solid and Phonon look to overcome 
these issues, leveraging what user-space 
support they find into as consistent an 
experience as possible for KDE users, 


regardless of platform. Although the pro¬ 
ject has come under some criticism for cre¬ 
ating Yet Another Abstraction Layer, Solid 
and Phonon make porting KDE to other 
platforms just a little bit easier. They also 
remove a lot of the complexity in dealing 
with hardware from most basic individual 
applications and keep it in a single place. 
Phonon isn't considered to be a one-size- 
fits-all solution, however; it's recognised 
that some applications may require more 
than Phonon's simplistic view of the world, 
like professional music editing applications. 

Dolphin 

Another major change for KDE 4 is the 
inclusion of Dolphin as the default file 
manager. Konqueror's file management 
abilities still will be available for the nos¬ 
talgic or power user. Some of Dolphin's 
features include a "breadcrumb" style 
location bar and side panes for informa¬ 
tion and tree or bookmark views. 

Dolphin as a project focuses on 
usability and simplicity. One of the larger 
benefits of including Dolphin is a long- 
sought-after separation of configuration 
between the Web browser and the file 
manager. A standing complaint among 
KDE users is the way that Konqueror's 
profiles mechanism doesn't achieve 
adequate separation between roles. 
Rearranging the toolbars in one profile 
would affect another, and bookmarks 
were the same between the browser 
and the file manager. Possibly even 


more confusing, clicking the Home 
button on the browser toolbar took 
one to the file management view of 
the user's home directory. 

Although Konqueror is an exception¬ 
ally powerful and flexible tool, these 
configuration quirks were extremely 
frustrating to users who expected their 
file manager and Web browser to 
behave as separate applications. Not all 
flexibility is lost in the name of usability, 
however; Dolphin fully supports KDE's 
Kioslaves and Konqueror service menus. 

There are myriad other changes to 
look forward to in the 4.x development 
cycle, but it would require far more 
space than is available here to detail 
them all. At the time of researching this 
article, KDE 4 was in a release-candidate 
state, with features still in a state of flux. 

KDE 4 has been promising a desktop 
revolution, and it really looks as though 
it just might deliver. The first generation 
of new KDE technologies is shaping up 
to transform our expectations of what 
the Linux desktop should bring. When 
one considers that this is the state of the 
4.0 release, and then looks at the length 
of the 3.x development cycle, the path 
that the evolution of the 4.x series will 
take stimulates the imagination. ■ 


Jes Hall is a Linux Technical Specialist and KDE developer 
from New Zealand. She’s passionate about helping open- 
source software bring life-changing information and tools to 
those who would otherwise not have them. 


Use Screen to Avoid Losing Remote Work 


TECH TIP 


If you do much work on remote servers and have ever lost 
your connection at an inconvenient moment, using screen can 
help avoid losing work. Screen is, according to the man page, 
"a full-screen window manager that multiplexes a physical 
terminal between several processes (typically interactive shells)". 
Window manager may be a bit misleading, as it's not a 
window manager in the GUI sense, but rather it manages 
a number of full-screen console/shell sessions within a 
single console/shell. 

Screen is simple to use; after you connect to the remote 
server, type: 

$ screen -D -RR 

This creates a new screen session if there isn't one or 
attaches to a previously created one if one exists. Now if your 
connection drops, you simply reconnect and enter the above 
command to reconnect and return to the exact point you were 
at when your connection was lost. 

Screen has many keyboard commands for starting and 


controlling additional sessions; see the man page for more info. 

Screen also is useful when you want to execute a long- 
running process and don't want to stay connected while it 
runs. Simply start the command, and then switch to a different 
session and type to disconnect your SSH connection. When 
you return later, you can reconnect to the screen session and 
see the output. 

You even may want to put the screen command in your 
.profile file so that it is started automatically when you log in. 

I like to have the option of not starting screen, so I have 
my .profile ask whether I want to start it: 

read -p "Start screen? " ans 
ans=$(echo $ans | tr A-Z a-z) 

if [[ "$ans" = y || "Sans" = yes ]]; then 
screen -D -RR 
fi 

— MITCH FRAZIER 
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Orca is a free, open-source, extensible screen reader that 
provides access to the graphical desktop via user-customizable 
combinations of speech, Braille and/or magnification. In this 
article, I briefly discuss how to set up and use Orca on the 
GNOME desktop. This article's intended audience includes not 
only users with visual impairments, but also developers inter¬ 
ested in improving the accessibility of their applications. 



Figure 1. Orca Swimming in the AT-SPI Sea 

Orca works with applications and toolkits that support the 
assistive technology service provider interface (AT-SPI), which is 
the primary assistive technology infrastructure for Linux and 
the Solaris operating environment. Applications and toolkits 
supporting the AT-SPI include the GNOME GTK+ toolkit, the 
Java platform's Swing toolkit, OpenOffice.org and Mozilla 
(KDE/Qt support for AT-SPI remains under investigation). As a 
result, Orca can provide access to applications, such as Firefox 
3, Thunderbird 3, OpenOffice.org, most GNOME applications 
and a wide variety of multimedia applications. 

Via the AT-SPI, Orca connects to applications and commu¬ 
nicates with their graphical components, such as push but¬ 
tons, text areas, menus and so forth. As you interact with an 
application, the AT-SPI notifies Orca. In response, Orca presents 
appropriate information to the user via speech synthesis (the 
machine talks to you), refreshable Braille (an external hardware 
device) and/or magnification (an enlarged view of the graphi¬ 
cal display). Orca also provides mechanisms for you to explore 
the entire contents of windows presented by the application. 

Orca is known as a scriptable screen reader, meaning it can 
provide customized behavior based on the application with 
which it is working. With Orca, custom scripts written in the 
Python programming language can be used to provide more 
compelling access to the unique interaction models of 
applications. For example, Orca provides a script for the 
Pidgin instant-messaging application to give you additional 
features, such as quickly reviewing the last few messages 


that have arrived. 

Note to application developers: Orca provides a default 
script that gives access to the majority of applications. As a 
result, a custom script is not required for each application. 
The Orca team encourages you to test your applications 
using Orca, however, and to create a custom Orca script if 
it is needed. The Orca team is happy to help you! 

Prerequisites 

In order to use Orca, you need a desktop environment that 
supports the AT-SPI, such as GNOME. Fortunately, GNOME is 
widely available on many operating system distributions, 
including Ubuntu, Fedora, Debian, OpenSUSE, Solaris Express 
and so on. Although Orca works on GNOME 2.18 and better, 
GNOME 2.20 or better are the versions in which Orca works 
best. Because Orca also is under constant development, the 
brave are encouraged to use the latest sources. See the 
"Downloading and Installing Orca" page of the Orca Wiki for 
more information on working with Orca sources. 

To use speech, Orca currently uses gnome-speech to 
communicate with speech synthesis engines on the machine. 
On Linux systems, there are a variety of free, open-source 
engines available, including eSpeak and Festival. Most oper¬ 
ating system distributions typically provide gnome-speech 
and at least one speech synthesis engine. To determine 
whether Orca can use speech on your machine, run the 
test-speech application provided by gnome-speech. If you 
can get your machine to speak using test-speech, it should 
work with Orca. See the "Speech" page on the Orca Wiki 
for more information on setting up speech on your system. 

A typical Braille user will have purchased an external hard¬ 
ware device called a refreshable Braille display. These devices 
provide a number of Braille cells—typically 40 or so—where 
each cell comprises eight dots that a software application 
can pop up or down to create a Braille character. Orca uses a 
separate software application, called BrITTY, to communicate 
with refreshable Braille displays. Like gnome-speech, many 
operating system distributions install BrITTY by default. The 
configuration of BrITTY is outside the scope of this article, 
but more information can be found at the BrITTY site and on 
the "Braille" page of the Orca Wiki. 



Figure 2. Refreshable Braille Display 
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Figure 3. Orca’s Braille Monitor 



Figure 4. Magnifier in Action 

For application developers without a refreshable Braille 
display, Orca provides a graphical Braille monitor to present 
what would be sent to the Braille display. The Braille monitor 
is independent of BrITTY and also is useful for demonstrating 
Orca to other people. 

Orca currently uses gnome-mag for magnification. As with 
gnome-speech and BrITTY, the operating system distribution 
includes gnome-mag by default. You can tell whether your 
machine has gnome-mag installed if the gnome-mag magni¬ 
fier application is on your machine. 

Setting Up Orca 

When you log in to your GNOME desktop for the first time, 
the AT-SPI infrastructure typically is not enabled. As a result, 
Orca isn't able to provide access to your desktop. You can 
enable accessibility in a number of ways, one being the 
Assistive Technology Preferences dialog available from the 
GNOME Preferences menu. Assuming you can't see the 
display, however, this dialog is useless to you if accessibility 
has not yet been enabled. 

To get started quickly with Orca, you can use the talking 
text-based setup utility: orca --text-setup. BrITTY users 
typically will run this from a virtual console. Below is an 
example of using orca --text-setup to set up Orca for 
use with speech and the Braille monitor: 

bash-3.2$ orca --text-setup 
Welcome to Orca setup. 

Select desired voice: 

1. kevin (en_US) 

2. kevinl6 (en_US) 

Enter choice: 2 

Enable echo by word? Enter y or n: n 
Enable key echo? Enter y or n: n 
Select desired keyboard layout. 


1. Desktop 

2. Laptop 
Enter choice: 1 

Enable Braille? Enter y or n: n 

Enable Braille Monitor? Enter y or n: y 

Setup complete. Press Return to continue. 

If you have never done anything with accessibility on 
your desktop before, you typically will need to log out of 
your desktop session after running orca --text-setup. 

The desktop needs to be restarted with accessibility enabled. 
Once you have run orca --text-setup, accessibility is 
enabled for future logins to your desktop. 

After you have logged out and logged back in, you can 
perform finer-grained customization of Orca's features using 
the Orca configuration GUI. The Orca configuration GUI is 
available any time Orca is running by pressing Insert-spacebar 
(desktop keyboard layout) or Caps Lock-spacebar (laptop 
keyboard layout) at the same time. You also can start Orca 
with the Preferences dialog by running orca --setup. More 
information on the Orca's configurable options can be found 
on the "Configuring and Using Orca" page of the Orca Wiki. 

If you want Orca to start automatically when you log in, 
use the Assistive Technology Preferences dialog available 
from the GNOME Preferences menu. Press the Preferred 
Applications button in this dialog and navigate to the 
Accessibility tab. On the Accessibility tab, you can select 
Orca and also check the Run at start check box. Many 
users, however, merely run the orca command by using the 
Run Application dialog available via the Alt-F2 key binding 
on many distributions. 

Using Orca 

The Orca team refers to Orca's default operating mode as 
focus tracking mode. In focus tracking mode, you interact with 
any application (as any user would) using the built-in keyboard 
navigation mechanisms of GNOME. As you tab around the 
interface or interact with objects, such as pressing the space¬ 
bar to toggle check boxes or typing text into text areas, Orca 
presents the information to you via the combinations of 
speech, Braille and/or magnification that you have specified. 
That is, you merely interact with applications without needing 
to know any extra Orca keyboard commands. 

Note to application developers: a quick sanity check for 
testing your application is to run Orca with speech and the 
braille monitor enabled. Then, interact with your application 
using the keyboard alone. If speech and the Braille monitor 
seem to be updating with appropriate output as you interact 
with your application, you are doing a great job so far. If 
speech and/or the Braille monitor are doing unexpected 
things, such as talking too much or not presenting anything 
at all, you have some work to do. Fear not, the Orca team is 
willing to help you! 

When you use an application for the first time, or if you 
just want to get a better idea of what is on the screen, you 
often may want to explore a window without changing 
anything inside it. This includes not even tabbing around the 
interface. As such, focus tracking mode may not always be 
useful, and you will need to use other features of Orca, such 
as flat review and where am I, that are controlled by key 
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bindings specific to Orca. When you press these key bindings, 
nothing happens in the application. Instead, Orca just presents 
the information you have requested. 

For example, you might want to read the contents of a 
window line by line, word by word, character by character and 
so on. The flat review feature takes over the desktop keypad 
keys to perform these functions. For example, keypad 7 reads 
the previous line and keypad 9 reads the next line. The remain¬ 
ing numerical keys on the keypad perform similar functions for 
reviewing by word and character. 

You also may want to know more detail about the object 
that currently has focus, the title of the current window, the 
contents of the status bar (if it exists) and so on. The where 
am I feature provides key bindings to obtain this information. 
For example, use the keypad Enter key to obtain information 
about the current object. When you press Insert at the same 
time as the Enter key, Orca presents information about the 
window title and status bar, if one exists. 

Note on Orca key bindings: although the keypad keys are 
an exception, most of Orca's key bindings require you to press 
the Orca key at the same time as another key. This is much like 
how the Ctrl, Alt and Shift modifiers are used. The Orca key is 
a made-up modifier that can be bound to any key on the key¬ 
board. By default, the Insert key is used as the Orca key for the 
desktop layout, and the Caps Lock key is used as the Orca key 
for the laptop layout. When Orca is used, the Orca key is 
owned by Orca and no longer behaves as a normal key. 

The flat review and where am I features are only a few 
of the operations you can access via Orca's key bindings. 
For a complete list of Orca's key bindings, browse the Key 
Bindings tab of the Orca configuration GUI. In this page 
tab, you also can redefine the Orca key bindings to suit 
your specific needs. 

Example: Accessing gedit’s Open Files Dialog 

Let's take Orca for a test ride and try a dialog containing 
components you might encounter in a traditional window: 
gedit's Open Files dialog. First, run the gedit application, 
which typically is found as the Text Editor menu item under 
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Figure 5. gedit’s Open Files Dialog 


















































FEATURE Orca 


Note to application developers: 
one of the main trouble areas 
for accessibility is forgetting 
to bind labels to the things they 
are labeling. 

the Accessories menu. Then, press Ctrl-0 to open the Open 
Files dialog. 

When the Open Files dialog first appears, focus is on the 
text area labeled Location:. Orca automatically should present 
this information to you. With speech, you will hear "Location: 
text", which is Orca telling you the name, contents and role of 
the text area. As you type in this area, speech and Braille auto¬ 
matically should update. 

Note to application developers: one of the main trouble 
areas for accessibility is forgetting to bind labels to the things 
they are labeling. The reason Orca knew to present the 
Location: label for the text area is that the gedit developers 
took care to set the L of Location as a mnemonic to get to 
the text area via Alt-L. Using mnemonics is not just useful for 
keyboard-only users, it also lets the accessibility infrastructure 
know there is a binding between the label and the text area. 

In the event a mnemonic is not something you can use, you 
can set the Label For and Labeled By properties on associated 
components using the accessibility properties tab in Glade. 

As you arrow down through the file list, Orca presents 
each line to you. To get out of the file list, press Tab to navi¬ 
gate to the other objects on the page. As you do so, Orca 


Resources 


Orca Wiki: live.gnome.org/Orca 

Downloading and Installing Orca: 

live.gnome.org/Orca/Downloadlnstall 

eSpeak Speech Synthesizer: espeak.sourceforge.net 

Festival Speech Synthesis System: www.cstr.ed.ac.uk/ 
projects/festival 

BrITTY: mielke.cc/brltty 

Configuring and Using Orca: live.gnome.org/Orca/ 
ConfigurationGui 

GNOME Keyboard Navigation: www.gnome.org/learn/ 
access-guide/latest/keynav-l.html 

GLADE: glade.gnome.org 

Orca and Firefox 3: live.gnome.org/Orca/Firefox 

Orca Users' List: mail.gnome.org/mailman/listinfo/orca-list 


presents information about where you are. Notice how the 
Character Coding label is presented when you tab to that 
combo box. Mnemonics and quality keyboard traversal are 
good friends to a screen reader. 

Example: Accessing LinuxJournal.com Using 
Firefox 3 

Now, let's try accessing the relatively rich Web page at 
linuxjournal.com. This will not only provide you with an 
example of accessing rich content with Orca, but it also will 
give you an idea of the power of scripting with Orca. The 
Orca team has worked closely with the Mozilla team to 
provide much better accessibility for Firefox 3. Orca's script 
for Firefox 3 also provides a number of custom mechanisms 
for accessing Web content. In this example, we'll demonstrate 
how a typical user might browse Web content. 

Note: you must use the latest Firefox 3 nightly builds. See 
the "Firefox" page of the Orca Wiki for more information on 
obtaining the latest Firefox 3 nightly builds. 

When you run Firefox 3, go to linuxjournal.com by 
pressing Ctrl-L and then typing the URL. Once Firefox loads 
the page, Orca should start reading it automatically. You 
can stop the automatic reading at any time by pressing any 
key on the keyboard. 

At this point, you can tab around to focusable items on the 
page, such as links. There is much more important information 
on the page than links, however, and Orca's script for Firefox 
provides convenience mechanisms to get to the information. 

Pressing the arrow keys gives you traditional caret navi¬ 
gation, but the Orca script for Firefox also provides more 
sophisticated structural navigation. Press 0 and Shift-0 to 
jump to the next and previous "large objects" on the 
page. On linuxjournal.com, these happen to be the arti¬ 
cle summaries. You also can press H and Shift-H to move 
by header and L and Shift-L to move by list. The "Firefox" 
page of the Orca Wiki has more complete documentation 
on accessing Web content via Firefox and Orca. 

Conclusion 

This introduction should give you enough information to begin 
experimenting with the Orca screen reader, both as an end 
user or as a developer wishing to make your application more 
accessible. The Orca help facility, available via the Help button 
on the Orca main window, and the Orca Wiki provide much 
more information than can be covered here. 

We also encourage users and application developers to 
join the Orca users' list. It is a list with a culture geared toward 
constructive and helpful comments. Much of the Orca user 
community hangs out and participates on this list.a 


Willie Walker is the lead of the Orca screen-reader Project and has been working in the X 
Window System accessibility space for nearly two decades. He is grateful to his employer. Sun 
Microsystems. Inc., for taking a leadership role in accessibility, and he also is grateful to the 
Mozilla Foundation for its continued support. Oh yeah, he loves his team and the Orca community 
too. Orca wouldn’t be what it is today without all the people and organizations involved. 

LJ pays $100 for tech tips we publish. Send your tip and contact 
information to techtips@linuxjournal.com. 
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MAKE YOUR APPLICATION 
ACCESSIBLE WITH 

Accerciser 

Take your application out for spin with Accerciser, and see whether it’s accessible. 

EITAN ISAACSON 



You might think you need to be 
familiar with assistive technologies like 
the Orca screen reader to determine 
whether your application is accessible. 
The truth is that with just a couple 
simple rules and an open-source tool 
called Accerciser, the task at hand is 
fairly simple. 

Before you start diagnosing your 
application with specialized tools like 
Accerciser, you should ask yourself a 
few straightforward questions about 
your application. 

1) Does my application's function¬ 
ality depend on colors, icons or audi¬ 


ble feedback? 

Sometimes an application uses a cer¬ 
tain color, graphical icon or sound as an 
indicator of its status or as a notification 
for users. A simple example is a battery- 
status panel applet; the applet warns 
users that their laptop battery is low by 
changing the battery icon from green to 
red. Of course, if users are blind, neither 
the green nor the red icon will be help¬ 
ful if a textual description is not provided. 
Color-blind users also will be unable 
to decrypt such a status indicator. As 
another example, a calendar application 
may have an audible alert with no visual 


indication when an appointment time is 
approaching. This, of course, would be 
a useless feature to people who are 
hard of hearing, or even to those who 
simply have their audio muted. 

Such applications should offer alter¬ 
native means of access to their features. 
Maybe a tooltip or label for the CPU 
monitor? Maybe an optional alert 
pop-up for the calendar program? 
These kinds of changes might not 
always be the perfect and most elegant 
solution, but remember, the line sepa¬ 
rating accessibility from usability is blurry 
and often nonexistent. The colored dot 
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on the CPU monitor might look nice by 
itself, but give users options as to how 
they can use your application. 

2) Can users adjust the font size and 
interface color scheme in my application? 

If your application utilizes a stan¬ 
dard widget library like GTK+, the 
answer to the question above is yes. 
GTK+ is fully themeable. In fact, most 
Linux distributions provide a set of 
large-print and high-contrast themes 
to enable greater accessibility. 

The question above should be 
examined seriously by ambitious devel¬ 
opers who create a custom widget 
that is not provided by the toolkit. A 
good way to test a new widget is by 
applying an inverted high-contrast 
widget theme. Does the interface 
show up well? Is it conforming to the 
user-set widget theme? 

Just like themes, most modern 
desktop environments provide a 
central place where the default font 
style and size can be defined. If your 
application is rendering text through 
the standard code path, chances are 
high that the font style and size the 
user defined globally will be applied 
to your application. But, what if your 
application explicitly defines font style 
and size? Or, maybe your application 
does specialized text rendering? In 
these cases, it is important to give 
the option for tweaking the font in 
your application. 

3) Can my application be used with¬ 
out a pointer device? 

Many conditions inhibit the use of 
pointer devices, for example, muscle 
weakness, hand tremors, involuntary 
movement or difficulty in seeing the 
mouse pointer on the screen due to 
visual impairment. For these reasons, 
it is important to enable nonpointer 
interaction with your application's 
features. This, of course, is easy to 
test. Disconnect your mouse and hide 
it where you won't find it. Use your 
application to ensure that you could 
reach and use all of your program's 
functionality. This also is a good time 
to think about useful keyboard short¬ 
cuts and mnemonics. Users will thank 
you when you make certain functions 
easy to reach without strenuous inter¬ 
face navigation. 

4) Does the focus order in my 
application make sense? 

Because you can't assume that users 


Figure 1. Desktop Accessibility Components 

will be using a mouse, tabbing focus 
order should be considered. Remember 
the last time you bought something on¬ 
line? Most users fill out the order form 
by tabbing to the fields and typing: first 
name, tab, last name, tab, street 
address, tab and so forth. Wouldn't it 
be aggravating if, after you tabbed out 
of the name field, the Submit button 
got focus? Although sighted users 
might find this to be an inconvenience, 
screen-reader users will get a larger 
dose of confusion, because the work 
flow, when using a screen reader, is 
dictated by the focus order. 

The visual appearance of your 
application does not need to change 
in order for it to have a good tabbing 
order. GTK+'s API has functions for 
defining the focus order of a parent 
widget's children. 

The Plumbing 

After you have asked yourself all of the 
above questions and provided satisfac¬ 
tory answers, it's time to see whether 
your application provides the proper 
instrumentation to assistive technolo¬ 
gies, such as Orca. The functionality and 
state of your application are provided to 
the assistive technology through a 
CORBA-based framework called AT-SPI 
(Assistive Technology Service Provider 
Interface). From your application's 
side, the communication with assistive 
technologies is done with a library 


called ATK (Accessibility Toolkit), 
which allows you to create Accessible 
objects that are synonymous with 
your graphical widgets. 

In most instances, when you use 
GTK+, the accessibility internals 
should not concern you, because 
GTK+ has a module called GAIL (GNOME 
Accessibility Implementation Library) that 
does most of the heavy lifting for you. 
GAIL takes all of GTK+'s stock widgets 
and provides proper Accessible objects 
for them using ATK. 

Accerciser, the Accessibility 
Exerciser 

Accerciser gives a top-down view of 
what your application is providing 
regarding assistive technologies. It does 
this by tapping in to the same interface 
that an assistive technology would use, 
AT-SPI. Accerciser fits the needs of many 
different audiences. It is a tool used by 
assistive technology developers to see 
what AT-SPI is providing their applica¬ 
tions, and it is used by automated Ul 
test developers by exposing the differ¬ 
ent methods and events that could be 
expected from their target application 
when they author test scripts. And, in 
our case, it allows user interface devel¬ 
opers to ensure that their application is 
providing all of its functionality through 
AT-SPI. In short, it allows us to exercise 
the accessibility of our application. 

You can obtain Accerciser by 
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FEATURE Accerciser 



Figure 2. Accerciser’s Main Window 
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Figure 3. Limelite Screenshot 

downloading it from Accerciser's Web 
site, or check your distribution to see if 
it is already packaged. 

Accerciser consists of a fairly small 
core. Most of Accerciser's features are in 
its bundled plugins. Accerciser's main 
window has three major areas: a tree 
view of the entire desktop accessible 
hierarchy as exposed by AT-SPI's registry, 
and two tabbed plugin areas. 
Accerciser's plugins can be toggled and 
rearranged simply by dragging the plug¬ 
in tabs: drag a tab to another plugin 
area to move the plugin to that view, or 
drag the tab over the desktop to create 
a new window with a plugin view in it. 

An easy way of diagnosing our 
application is with the Interface 
Viewer plugin. Accessible objects 
could expose a wide range of func¬ 


tionality by providing more than one 
interface type simultaneously. 

The interface viewer plugin allows 
users to explore the functions a 
selected Accessible object provides. 
We use this plugin below to examine 
a fictional application. 

Limelite, an Imaginary 
Application 

So far, it seems that we get everything 
we need for our application's accessibili¬ 
ty for free just by choosing GTK+, right? 
We have theme compliance, we have 
keyboard navigation, we even have 
AT-SPI support. So, where could we be 
falling short of full accessibility? 

First, let's create a fantasy applica¬ 
tion called Limelite. Limelite is a simple 
song-playing program with one killer 


feature: by pressing a toggle button 
in the GUI, the vocals are magically 
removed from the sound output, and 
the user, for a few minutes, could be 
a rock star. 

Limelite's main window is divided in 
two. The top shows data about the cur¬ 
rently playing song, and the bottom has 
common media controls (play, pause, 
next and so on) and a toggle button 
that enables or disables karaoke mode. 

To examine Limelite through 
Accerciser, all we need to do is run both 
programs. Limelite's top accessible node 
will appear in Accerciser's tree view. As 
we traverse down through this node's 
descendants and select child nodes, we 
will get a flashing rectangle around 
the equivalent widget of the selected 
accessible node. When a node is 
selected, the plugins will update and 
show information about the currently 
selected Accessible object. 

Labels 

When you spend time designing an 
application's interface in a visual man¬ 
ner, issues like proper labeling often are 
overlooked. We use Accerciser to find 
such instances quickly. 

Accerciser comes with a plugin 
called Quick Select. Put the pointer over 
the widget you want to examine, say 
the Play button, and press Ctrl-Alt-/, the 
button is highlighted, and Accerciser's 
tree view shows the Play push button as 
selected. Because the Accessible's name 
is Play, we can be certain that an assis¬ 
tive technology will not have trouble 
conveying the function of that button. 

Limelite's multimedia keys are all 
GTK+ "stock" labels. Stock labels are a 
pool of commonly used labels that 
GTK+ provides. It is always a good idea 
to use these labels when possible, as 
they will provide a localized string and a 
themeable icon in most cases. For this 
reason, stock labels usually are safe 
from an accessibility standpoint. 

The one key that should concern us 
here is the karaoke toggle mode but¬ 
ton. This button contains nothing but a 
microphone graphic. If you select it in 
Accerciser, you will notice there is no 
string representation present. A good 
place to double-check is in the Interface 
Viewer, under the Accessible section. 
Here, you can see there is no descrip¬ 
tion for the Accessible either. 

This situation easily can be ratified 
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Figure 4. Glade-3’s Accessibility Tab 

by directly naming the Accessible object 
through ATK's atk_object_set_name() 
function. If your Ul is defined with 
Glade or GtkBuilder, you should be able 
to set the Accessible's object name in 
the Accessibility tab. 

Of course, the above solution will 
not make your interface any more clear 
to a user without an assistive technolo¬ 
gy. A tooltip would be a good choice in 
this case, both for general usability and 
accessibility. When a tooltip is set for a 
widget, GAIL automatically uses the 
tooltip's text as the Accessible object's 
description string. Assistive technologies 
could utilize this description string. 

Relationships 

When sighted users see Limelite's Ul, it is 
obvious to them what the relationship is 
between the labels. For example, it is 
clear that the Artist label denotes the 
fact that Edith Piaf is the performing 
artist of the current track. This is clear 
because of the table-like spatial layout of 
the labels: on the left are the field names 
and on the right are the field contents. 

A screen reader will have trouble con¬ 
veying this relationship between the two 
labels to blind users. AT-SPI exposes all of 
these labels as a flat collection, and GAIL 
has no way of automatically determining 


the labels' relationship to each other. 

For this reason, such relationships 
need to be defined explicitly by the 
application author. If the application's Ul 
was defined via Glade or GtkBuilder, we 
could easily declare the proper relation¬ 
ships in the Accessibility tab in each 
label's properties. If our user interface is 
written pragmatically, we will have to 
use ATK's API. 

With Limelite as an example, the 
label containing the Artist string needs 
to have a "label-for" relationship with 
the label holding Edith Piaf, and the 
Edith Piaf label in turn needs to have a 
"labeled-by" relationship with the label 
holding Artist. Similar reciprocal rela¬ 
tionships need to be defined for the 
Title and Album fields. 

Finally, in the Accessible section in 
Accerciser's Interface Viewer plugin, we 
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Figure 5. Label Relationships 
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Figure 6. Relations as Seen in Accerciser 

could verify that the defined relationships are conning down the 
wire and are provided to the assistive technology. 

Conclusion 

It is hard to separate usability from accessibility; more often 
than not, the two terms are synonymous and require your 
sound judgment. But, if you keep a few simple principles in 
mind, developing an accessible application is an easy and 
straightforward task. Tools such as Accerciser allow you to 
review your program's interface from the assistive technology 
side and make informed choices in interface design. ■ 


Eitan Isaacson currently lives in Seattle. Washington. Eitan is a regular contributor to Orca and is 
the developer and maintainer of Accerciser. Eitan’s passions include sipping high-mountain 
oolong tea and talking politics. 


Resources 


Accerciser's Web Site: live.gnome.org/Accerciser 

GNOME Accessibility QA: developer.gnome.org/projects/ 
gap/testing/index.html 

Keyboard Navigation for GNOME: 

developer.gnome.org/projects/gap/keyboardnav.html 

ATK API Documentation: 

library.gnome.org/devel/atk/unstable/index.html 
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Did you know Linux Journal maintains a mailing list where list 
members discuss all things Linux? Join LJ’s linux-list today: 
http://lists2.linuxjournal.com/mailman/listinfo/linux-list 
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INDEPTH 



Multitrack Video Editor 
Roundup 

Video editing in Linux can be hell, but a handful of programs are showing the way 
forward to a better world, dan sawyer 


In the January 2006 issue of U, I 

wrote an extensive article surveying the 
state of the art in video production soft¬ 
ware on Linux. At the time, there were 
a lot of new players, some brought into 
the field from the first Google Summer 
of Code, and very few of them were 
serviceable all the way around. 

The intervening years have done 
their Darwinian work, with some pro¬ 
jects maturing rapidly, others stagnating 
and others being abandoned or disap¬ 
pearing off the Net altogether. But, as 
Nietzsche noted (or would have if he 
were as interested in software as he 
was in philosophy), "What doesn't kill a 
project, makes it stronger." This article 
is about the survivors. Few though they 
are, some have managed to thrive. 

Video editing on Linux always has 
been curiously bifurcated. On the one 
hand, there are glorious high-end finish¬ 
ing packages, such as Discreet Smoke, 
that are used routinely on big-budget 
productions, but the price tag for a 
single Smoke system runs into the tens 
of thousands of dollars, so it's not par¬ 
ticularly budget-friendly. On the other 
hand, there are excellent low-end pack¬ 
ages, such as Kino, which handles DV 
with grace, speed and polish. The mid¬ 
dle ground between them is littered 
with half-finished projects, failed projects 
and Cinelerra, a behemoth that is both 
finished and polished but can be said to 
"work" only in the sense that a horse 
with five legs might learn how to walk. 

That is changing. 

There is nothing, in theory, stopping 
an open-source video editor from offer¬ 
ing the basic functionality of a Premier 
or a Final Cut Pro, together with the 
switching ability of a product like 
Casablanca to produce very quick 
edits of multicamera shoots. Cuisine, 
in fact, was developed with this ability 


in mind, and even though it got only 
halfway there before it was abandoned, 
several of the innovations it used 
toward that end could be instructive. 
Some of the projects here already are 
well on that road. 

The Main Contenders 

The Linux multitrack field is now domi¬ 
nated by three programs that have been 
going gangbusters on development. All 
of them are not only still standing but 
also are proceeding at a meteoric 
pace—and in a promising direction: 
Jason Wood's KDENLIVE, Richard 
Spindler's OpenMovieEditor and The 
Blender Foundation's Blender. 

KDENLIVE 

KDENLIVE (the KDE Non-Linear Video 
Editor) is the project that has garnered 
the bulk of my ink thus far (I reviewed it 


in-depth in the September 2007 issue 
of LJ), mostly because it has been a 
clear leader for quite a long time. It 
was the first multitrack in the current 
crop to attain usability. 

Pioneered by Jason Wood and now 
maintained by a team of developers, 
KDENLIVE is a Qt-based editor that uses 
FFmpeg as its decoding engine and Dan 
Dennedy's MLT as its frameserver and 
EDL backbone. It's a powerful combina¬ 
tion, putting it into a position to handle 
HD as easily as garden-variety DV, and 
opening up its importable profile to 
include pretty much any video format 
you can watch on a Linux box. 

The interface is laid out much like 
that of the late MainActor. It's familiar 
and easy to pick up, and if you're like 
me and really hate this paradigm, you 
can undock the interface components 
and reconfigure them until your picky 



Figure 1. KDENLIVE’s default interface resembles early versions of Premier or MainActor. 
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little heart is content. 

The underlying MLT framework 
supports infinite audio and video 
tracks, and there are a healthy number 
of built-in video and audio effects 
(although extensive keyframing remains 
problematic at the time of this writing). 
Its interface sluggishness mentioned in 
my prior review largely has been solved, 
as have the difficulties working with 
interlaced footage when scaling. The 
titler subsystem now works and is 
very nicely compatible with installed 
TrueType fonts and a wide variety of 
raster graphics formats. 

All of this is great, but it doesn't 
amount to a hill of beans in this crazy 
world if it can't perform. That's where 
the drawbacks show up. It's still fairly 
crash-prone, and the current migration 
from FFmpeg as the frameserver to MLT 
has broken a few things relating to a/v 
synchronization with NTSC footage. 
These are known issues due to MLT 
bugs, which are, at the time of this 
writing, being fixed (and hopefully will 
be fixed by the time you read this). 

There is still a way to go in a couple 
of areas. Its audio toolkit is rudimentary, 
but its easy exporting dialogue-splitting 
means you can split the audio and push 
it over to Audacity or Ardour for sweet¬ 
ening once your edit is done. 

The export GUI also presents a prob¬ 
lem. As extensive as it is, it isn't friendly 
for creating new profiles, which means 
that you have to hand-tweak scripts or 
wait for new profiles if you want one 
that doesn't happen to come prepack¬ 
aged. Fortunately, the plethora of 
profiles is quite staggering, including 
a wide range conforming to all the 
current FID broadcast standards. 

The final weakness—and the 
most annoying to me personally—is 
KDENLIVE's lack of support for import¬ 
ing image sequences. It's something 
that should be axiomatic in a system 
using FFmpeg as a back end, as FFmpeg 
is an excellent manipulator of image 
sequences and Bash has wild cards for 
such things built in. This alone bumps 
KDENLIVE out of the professional space, 
but with this exception, it is a highly 
promising work in progress, stable 
enough to use so long as you don't 
mind pressing Ctrl-S fairly frequently. 


Its most irritating issues are pretty much 
solved, and I've used it to complete 
several short and long-form projects. 
It's perfectly serviceable for day-to-day 
use if you know your way around 
your footage. 

KDENLIVE is the only product in this 
roundup that supports video capture. 

Here's hoping the development team 
keeps up the excellent work! 

OpenMovieEditor 

OpenMovieEditor is the brainchild and 
personal hobby of Richard Spindler, and 
it's generally stable, fast and usable. It 
supports the full range of framerates 
and allows for the creation of pretty 
much any working profile, and it sits 
partly—though by no means exclusive¬ 
ly—on FFmpeg with all the glorious 
format compatibility that this implies. 

The work flow is pretty much what 
you'd expect, with the interface closely 


mirroring what we've come to expect 
from KDENLIVE and similar projects. 
Unlike KDENLIVE, the interface is not 
easily reconfigurable. However, because 
it's built on FLTK, it's fairly rock-solid. It 
doesn't crash, it's fast and light and 
doesn't bog down due to fancy widget 
rendering. The resulting look is fairly 
inhospitable cosmetically, but you don't 
need rounded corners and crystalline 
widgets when you have a program that 
stays up like a truck and speeds along 
like a Trans Am. 

HD compatibility is no problem; 
OpenMovieEditor is profile-agnostic. 

If FFmpeg or libquicktime can read it, 
you can use it, and it's always obvious 
what's compatible because it shows 
up with a thumbnail in the media 
browser tab. 

The development philosophy under 
which Spindler has proceeded leverages 
the power of the Open Source world to 
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editing tools are all embedded right in the interface next to the tracks, and the nodes editor for the 


Figure 2. OpenMovieEditor’s FLTK interface: the 
compositing subsystem is visible at bottom left. 

his project's advantage. When I inter¬ 
viewed him for background for this arti¬ 
cle, he told me that, behind the scenes, 
he is involved in several external video 
projects that he uses to advance 
OpenMovieEditor, building on a suite of 
highly stable external libraries: gavl, 
libquicktime, the FreiOr plugin API, JACK 
and several others. All of these things 
extend the package considerably, with 
FreiOr being of special note as the 
primary source for the video effects. 
Spindler himself is involved in FreiOr, 
libquicktime and Cinelerra development 
in varying degrees, which gives him the 
familiarity he uses to integrate their best 
tricks into his own project. 

He has used it to stunning effect. 
The audio and video effects in 
OpenMovieEditor work splendidly, 
although many of them could use more 
settings controls to move them into a 
more professional realm. The latest 
addition to his bag of tricks though is a 


major step in the right direction and 
something hereto unheard-of in the 
realm of open-source video editing 
packages: nodes-based compositing, 
which can use all the installed video 
effects (although Blender also has a 
nodes-based compositor, its interface 
with the video editor is oblique and 
patterned more after the fashion of a 
finishing system than a video editor). 

OpenMovieEditor is unique among 
Linux multitrack editors in that it is 
capable of running its audio through 
the JACK Audio Connection Kit (JACK). 
This gives it access to all the excellent, 
readily available Linux pro-audio tools, 
and with proper kernel patching it 
works in real time. The upshot is that 
you can use OpenMovieEditor as part 
of a sync chain that will allow you to 
create, compose and tweak your sound¬ 
track while always seeing the video and 
hearing the audio as it's mixed. It's hard 
to overstate the power of this; it is 


unambiguously a professional feature, 
and it's a great benefit to independent 
filmmakers and small studios who need 
the performance it offers and aren't 
able to buy the higher-end turnkey 
systems on offer for the film industry. 
But Spindler isn't done—he and his 
community members are working on 
integrating the system with Inkscape 
and with Blender for generating new 
transitions and other effects. The 
future on this seems bright! 

When it comes to asset manage¬ 
ment, the program seems, at first 
glance, not much different from 
KDENLIVE. Looks are deceiving 
though—it's much more flexible. 
When it comes to open-source projects, 
OpenMovieEditor's asset management 
system, which allows clips to be stored 
in a bin off the timeline for grabbing 
and inserting, is a work-flow tweak that 
makes shot selection independent of 
the status of the edit, and also makes 
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assembling the selected shots far quicker. 
With its ability to set clips in the use bin 
rather than whole files, its ability to use 
image sequences and its thumbnail 
filesystem browsing, it is far above par, 
and much more sensible than what's 
available for asset management in 
KDENLIVE or Blender. 

One caveat that Spindler gave me 
when I interviewed him via e-mail: 

OpenMovieEditor is very much a 
work in progress; this means that 
it is not yet feature-complete, 
but that it has a rapid pace of 
changes; development is hap¬ 
pening rather fast, and not in a 
very "controlled" fashion. So, it 
might happen that stuff that 
worked once can break, or that 
new features are not as well 
tested as they should be. 

So, it's a wise procedure, when 
upgrading OpenMovieEditor, to test 
fresh compiles thoroughly before 
installing them, or at least to keep 
around an older package you know 
to be working to revert to should 
there be problems. 

In sum, OpenMovieEditor is an 
excellent package all around and well 
worth the time investment in learning 
it. It lacks the plethora of export profiles 
offered by KDENLIVE, but it makes up 
for this with a well-appointed, intuitive 
GUI that allows experienced editors to 
specify their own export settings for 
pretty much any destination or master¬ 
ing format supported anywhere under 
Linux. It goes further, supporting high 
bit-depth editing, effects and export 
with integrated (though still primitive) 
nodes-based compositing. This is a 
project with nowhere to go but up. 

Blender 

Blender is justly and primarily famous 
for its standing as the premier 
free/open-source 3-D graphics pack¬ 
age, but that's not all it can do. Because 
it is intended as an end-to-end finishing 
system for animation, it has integrat¬ 
ed a full-featured, OpenGL-driven 
video editor called the VSE (Video 
Sequence Editor). 

The VSE is, to say the least, pretty 


strange. Like all things in Blender, the 
interface is built for efficiency and 
speed of use over user-friendliness, 
so the learning curve is a bit steep, 
although knowing a good bit about 
how the rest of Blender works will 
help out handsomely. 

Blender's major shortcomings to 
this point, as a video editor, have 
been threefold: 

■ As it started life as an animation 
editor, it hasn't had support for frac¬ 
tional framerates such as are found 
in NTSC (29.97), which causes sound 
sync problems when editing NTSC 
footage with sound. This is now fixed 
in CVS, and with any luck, it will be 
in the next main release before this 
article goes to press. 

■ Its export paradigm is obtuse and 
hard to cope with, setting an entry 
bar too high for most editors to be 
willing to consider. A bit of practice 
makes this a non-issue. 

■ It also has no asset management 
system—all that work has to be done 
outside the program by editors care¬ 
fully structuring their directories and 
assets if they care to keep track of 
everything. This probably never will 
be addressed—thus far, there isn't a 
significant cry from within the user 
community to change it, and I sus¬ 
pect it would take some nontrivial 
code refactoring to pull it off. 

However, despite these initial 
weirdnesses, Blender's VSE has a lot 
to recommend it, not the least of 
which is its easy integration with the 
other parts of Blender. It can accept as 
inputs both rendered and unrendered 
strips from the animation subsystem 
and the compositing subsystem—a very 
powerful bonus. The compositing sys¬ 
tem itself (reviewed in the November 
2007 issue of LJ) is a full-fledged profes¬ 
sional nodes-based system that goes 
far beyond the video effects available 
in any other Linux editor. Additionally, 
Blender's VSE is itself a layers-based 
compositor, with quite a few native and 
community-generated plugins for color 
correction, greenscreen compositing, PIP 
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work and so on. 

In practice, this means that, when 
properly used, Blender's VSE has, by one 
path or another, all the power of After 
Effects (sans easily usable rotosplines), 


particularly for plane-based animation, a 
trick I use regularly to design animated 
DVD menus. It also has a professional 
color-correction tool that is totally 
absent from the other editors in this 


article, a vectorscope. 

For format compatibility, Blender shares 
the FFmpeg backbone with KDENLIVE 
and OpenMovieEditor (initially integrated 
into Blender by Ian Gowen as a Google 



Figure 3. Blender comes preconfigured with a video editing screen setup. Video files are in cyan, sound in blue, and image sequences are in purple, 
so you can tell at a glance what you’re working with. 


TECH TIP 


Getting X Window System Information 

are supported by the X server: 


You may have wondered how to determine certain X attributes 
using simple shell commands, such as the refresh rate and display 
resolution. You can use xrandr for that purpose: 

$ xrandr --verbose 


You also can get a great deal of information with the 
xdpyinfo command, such as finding out what extensions 


$ xdpyinfo | less 

One very useful extension for video is the Xvideo extension, 
known as xv. The xvinfo command can give you information 


SZ: Pixels 


Physical 


Refresh 

on this extension: 

*0 1024 x 768 

( 

333mm x 

241mm 

) 

*85 



1 800 x 600 

( 

333mm x 

241mm 

) 

85 

$ 

xvinfo 

2 640 x 480 

( 

333mm x 

241mm 

) 

85 



Current rotation - 

normal 





For 3-D, use the 

Current reflection 

- 

none 






Rotations possible 

- 

normal 




$ 

glxinfo 

Reflections possible 

- none 







For more information about these commands see the 
respective man pages. 

— GIRISH VENKATACHALAM 
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SoC project), and it deals excellently with 
image sequences (which is only natural, 
as it was originally an animation editor). 

Its audio compatibility also is FFmpeg- 
based, and although Blender's audio tools 
are paltry to the point of vanishing, it is 
quite suitable for video editing where a 
separately mixed soundtrack is conformed 
to the video in the VSE. 

Like OpenMovieEditor and unlike 
KDENLIVE, Blender's VSE is format- 
agnostic—the final output profile being 
controlled by the output settings in the 
RenderButtons window. 

Alas, Blender VSE has one more 
shortcoming: unlike KDENLIVE or 
OpenMovieEditor, it has no option for 
direct stream copy to prevent generation 
loss when rendering out to the same 
format you are using for your source 
footage. If you're using Blender as a fin¬ 
ishing system, this isn't an issue; most of 
your footage will have effects applied and 
thus be recompressed on export anyway. 

I personally don't use Blender as my 
primary video editor, though I have 
found myself using it more and more 
as a finishing system and may give it 
a go doing a full project on it some¬ 
time in the not-too-distant future. It's 
an odd mix of best-of-bunch and 
worst-of-bunch, which might not 
seem like a glowing recommendation, 
but it is an indispensable tool for a 
Linux production pipeline. 

Detritus 

Of course, there are a number of pro¬ 
jects I haven't mentioned here. Without 
exception, they are all unusable. They 
either haven't achieved usability yet 
(Pitivi and Jahshaka), they are poorly 
designed, unstable and resource-hungry 
(Cinelerra), or they are dead on the vine 
(MainActor and Diva). 

Conclusion 

One of the great weaknesses in open- 
source software in the video domain 
thus far has been a lack of imagination. 
In the commercial world, because of the 
way the industry has developed, there 
long have been a handful of sharply 
divided paradigms for editing. Market 
strategy being what it is, it's in the inter¬ 
est of commercial developers to keep 
their products for the various paradigms 


in separate tracks: more programs 
equals more redundant software sales, 
and the ability to set high prices for 
some markets while giving away the 
software for other markets (usually 
bundled with hardware). So far, open- 
source developers have been content to 
emulate it, and it's a philosophy that has 
hobbled the development of a killer app 
for video editing on Linux. All three of 
the projects covered here would do well 
to take a look at the asset management, 
footage commenting and multicamera 
switching strategies innovated by Drew 
Pertulla and implemented in his now- 
fallow multitrack editor Cuisine and at 
other innovations among the also-rans. 

Fortunately, OpenMovieEditor and 
Blender are starting to break the mold, 
and I have high hopes that KDENLIVE 
will follow suit. 

However, what's left is quite usable 
and in some cases bordering on down¬ 
right impressive. So, grab your cameras, 
get a script, and dive on in !■ 
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Maximize Desktop Speed 

Are you a speed junkie who wants the fastest, most responsive machine? Try 
these changes and get even more speed out of your Linux box. federico kereki 


One of the best things about Linux is that you can get much 
more performance out of the same computer than with other 
operating systems. However, there always is room for improve¬ 
ment, and you should be able to get a bit more speed out of 
your box by applying some specific enhancements. 

Don't expect miracles, however. No amount of tweaking 
can turn a Pentium II into a Quad Core monster (remember 
the old saying about silk purses and sow's ears?), but you can 
expect to get a more responsive machine that "handles" 
better. Although some of the changes are internal and hard 
to see, you will find that your system feels livelier, your clicks 
produce answers faster, you can switch between applications 
more quickly and programs run in less time. 

Let's be practical. If you get a better CPU, there's probably 
nothing in this article that will match your results, and the 
same goes for a better graphics card or speedier disks. But, 
you expected that, didn't you? (Making such hardware 
upgrades would benefit not only Linux, but also every other 
operating system out there.) However, making such changes 
are practically the equivalent to getting a whole new machine, 
so you wouldn't be really enhancing the performance of your 
old box, but starting anew. 

That said, this article discusses configuration changes with 
the aim to leave everything (well, almost everything) as it was 
but make it perform better. Of course, these changes aren't all 
equal; some are more difficult (and riskier), some require 
rebooting or other procedures, and some even require delving 
into the command line and editing configuration files. But, 
don't give up. The results are worth it. 

As a final note, I use OpenSUSE (version 10.3) and KDE for 
the examples in this article. If you are using other distributions 
or desktop environments, you will find small differences in file 
locations or procedures. Currently, because most distributions 
offer exactly the same packages and drivers, one of the largest 
remaining differences between them is precisely in the config¬ 
uration tools, so you may need to do some searching on your 
own. In any case, it's a safe bet you will find a way to manage 
anything described here, only in a different way. 

RAM, RAM, RAM 

Similar to the old real-estate adage "Location, location, loca¬ 
tion", getting more RAM, RAM, RAM will provide a great 
improvement. All processes need memory, and whenever the 
kernel runs out of RAM, it starts swapping to disk, but as this 
is orders of magnitude slower, your performance takes a hit. If 
you are willing to spend something, don't hesitate. Go out 
and get some extra RAM sticks for your machine. As soon as 
you plug them in, you will notice better performance. 
Getting more RAM isn't very costly, and it doesn't require 


any configuration or re-installation. 

Even if you don't want to spend the money for more RAM, 
you can make Linux manage the available RAM in a more 
efficient way. Here are some simple changes to consider: 

■ Change from KDE or GNOME to a lighter desktop environment. 
GNOME is about the worst in terms of RAM requirements 
(although it's far below that of Windows Vista), and KDE is a 
close second. Try using a less-demanding environment, such as 
Xfce or Enlightenment, which is used in gOS, the operating 
system pre-installed in the Everex Green gPCs sold at Wal-Mart 
[see Doc Searls' interview with David Liu on page 58 for 
more on the gOS]. Other possibilities include IceWM, 
Blackbox, Fluxbox, Fvwm, JWM or (the now seemingly 
defunct) Window Maker. Note that these window managers 
are not exactly equivalent to having a full desktop environ¬ 
ment, so you will have to adapt a bit. Plenty popular distribu¬ 
tions, such as DSL (Damn Small Linux) or Puppy Linux use 
these lightweight window managers, and many are available 
as optional packages for Red Hat or SUSE. 

■ Get rid of fonts you never use. I was once a fonts junkie 
and loaded my box with several hundred fonts (I'm not 
exaggerating) just in case I might use them some day. Each 
font requires memory, and the fewer fonts you have, the 
more RAM you will free. And, some programs will run 
faster, because they will have shorter lists of fonts to load. 

■ Reduce the number of virtual desktops. Windows users 
work with only one desktop, but do you really need 16 virtual 
desktops in Linux? Experiment a bit with this. I wouldn't go 
down to one desktop, but most of the time, having two or 
three virtual desktops is more than enough. 

Getting Too Swappy? 

Linux (as most other, if not all, modern operating systems) uses 
a technique called Virtual Memory to give programs the 
impression that they have plenty of memory available, even 
more than the actual RAM size of the machine. This technique 
implies using disk memory (the /swap partition) to simulate 
actual RAM, swapping pieces back and forth. Of course, 
whenever this swapping process runs, you will experience 
longer response times and slower performance. 

The kernel tries to prevent future swapping by doing 
some of it in advance, and you can alter the degree to 
which this is done by changing a parameter from 0 (minimum 
swapping, done only if needed) to 100 (try to free as much 
RAM as possible). 

There are two ways to change this. The standard value is 
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set at 60. To lower it, as root, do something like: 

sysctl -w vm.swappiness=25 

or: 

echo 25 > /proc/sys/vm/swappiness 

Note that this change will last only until the next time you 
restart your box. If you want to make the change permanent, 
edit/etc/sysctl.conf, and add a line like the following: 


vm.swappiness=25 


Now, it will be loaded every time you boot. If you want to test 
the changes, make the edit to /etc/sysctl.conf and then reload 
it with /sbin/sysctl -p. 

Is it better to have lower values (down to 5 or 10) or higher 
values (up to 100)? Personally, I use 5, and I like the way my 
machines (desktop and laptop) work. If you notch it up, the 
kernel will use more CPU time to free RAM in advance; if you 
turn it down, the CPU will be freer, but there will be more I/O. 

For CPU-intensive programs, if you have fast disks, I'd go 
with lower values, as I did myself. This will produce improve¬ 
ments, such as when switching between applications, because 
it's more likely that they reside in physical RAM instead of on the 
swap partition. Even if you set swappiness to zero, if needed, 
the kernel will do its swapping, so once again, you would 
benefit from getting more RAM if possible. 

However, Linux kernel developer Andrew Morton sug¬ 
gests using 100, and author Mladen Gogale observes he 
found no difference, so you may want to try different val¬ 
ues and see what you prefer (see Resources for links to 
articles on this topic). 

Make Applications Load Faster 

Under Linux, most applications are in a special Executable and 
Linkable Format (ELF) that allows them to be smaller. Instead 
of including all needed libraries, the program file has refer¬ 
ences to them, which are resolved (or linked) when the code is 
loaded for execution. You might recognize here a classic time 
vs. space compromise: a smaller file size, but a higher loading 
time. If your program requires only a few libraries, the linking 
process is quick, but for larger programs that use several 
libraries, the linking process gets noticeably longer. 

If you are game to using a bit more disk space (and 
spending some time preparing all files), you can use the 
prelink command to do the linking phase in advance and 
store the needed libraries within the program file itself, so 
it will be ready to execute as soon as it is loaded. (Actually, 

I fudged a bit here. When the program is loaded, the 
libraries are checked to verify they haven't changed since 
the prelinking, but that check is much speedier than doing 
the linking itself.) Using prelink in this way obviously requires 
more disk space (for there will be a copy of every prelinked 
library within each executable file), but with the current 
large disks, this won't even be noticed. 
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In order to prelink your programs, you need to set up a 
configuration file (/etc/prelink.conf), so prelink knows where 
to search for shared libraries and what programs to work 
with should you opt for the -a option and prelink everything 
possible. The format of this file is simple: blank lines don't 
matter, comments start with a # character, and the rest of 
the lines should be something like the following: 

-1 aDirectoryToBeProcessed 

-h anotherDirectoryButAllowingForSymlinks 

-b fileToSkip 

The -I lines specify directories that should be processed. 
The -h lines are pretty much the same, but allow for symlinks, 
which will be followed, so the prelink process might end up 
working with files actually residing in other directories than 
the ones you originally specified. Finally, the -b lines show 
blacklisted programs (patterns also can be used) that should 
be skipped by the prelinking process. I recommend leaving 
these lines alone. If your prelink experiments show that 
certain programs cannot be prelinked (you'll get an error 
message if you try), you should add an appropriate -b line to 
avoid future unnecessary warnings. As an example, Listing 1 
shows some portions of my (already provided in OpenSUSE) 
/etc/prelink.conf file. 

If you want to prelink a single program, just do prelink 
theProgramPathAndName, and if the program can be relinked 
successfully (remember my comment—this just isn't feasible 
for some programs), the original binary ELF file will be 
overwritten with the new, larger, all-including version. 

You could start a massive prelinking session by executing 
prelink -a, which will go through all the -I and -h directories 
in /etc/prelink.conf and prelink everything it finds. Here are a 

No Prelink Needed in 
Ubuntu or Debian? 

Recent Ubuntu and Debian distributions include a different 
mechanism for speeding application loading and a new 
linking mechanism that speeds up the linking process 
without using prelink. 

To enable the faster startup times, do sudo apt-get i ns tall 
preload, and from that moment on, Linux monitors which 
applications you run and fetches those binaries and libraries 
into memory. 

For example, if you use Firefox and OpenOffice.org every 
day, preload will determine that those two are common 
applications and will keep the needed libraries in RAM. Of 
course, should you change to Seamonkey and KOffice, 
preload eventually will detect your change of habits and do 
the appropriate thing. 


few more options to note: 

■ Do a dry run by including the -n option. This generates a 
report of all results, but no changes will be committed 
to disk. Use this to see whether there are unexpected 
problems or files to be excluded. 

■ Include the -m option so prelink will try to conserve memory, 
if you have many libraries in your system (highly likely) and 
not a very large memory. On my own machine, if I omit 
this option, prelink fails to work, so my usual command 
to prelink everything possible is prelink -m -a. 

■ If you dislike the prelinked files, or if you get tired of 
prelinking everything every time you get updated 
libraries, use the -u parameter to undo the changes. 
Executing preli nk -u aPreli nkedProgramName will 


Listing 1. Portions of the Provided OpenSUSE /etc/prelink.conf File 

# Acrobat Reader 

-b /usr/XllR6/lib/Acrobat5/Reader/intellinux/bin/acroread 
-b /usr/XllR6/lib/Acrobat7/Reader/intel1inux/bin/aeroread 

# RealPlayer 

-b /usr/lib/Real Player8/realpi ay 
[...some snipped lines...] 

# Files to skip 
-b *.la 

-b *.png 
-b *.py 
-b *.pl 
-b *.pm 
-b *.sh 
-b *.xml 
-b *.xslt 
-b *.a 
-b *.js 

# kernel modules 
-b /lib/modules 

[...more snipped lines...] 

-1 /lib 
-1 /1ib64 
-1 /usr/lib 
-1 /usr/lib64 
-1 /usr/XllR6/lib 
-1 /usr/XllR6/lib64 
-1 /usr/kerberos/li b 
-1 /usr/kerberos/lib64 
-1 /opt/kde3/lib 
-1 /opt/kde3/lib64 


90 | march 2008 www.linuxjournal.com 





restore the program to its previous, unlinked format, 
with no fuss. Of course, for a radical throwback to the 
original situation, do prelink -a -u. 

The prelinked versions of all programs are executed just like 
the normal ones, but will load a bit faster, thus providing a 
snappier feel. I have found conflicting opinions as to actual, 
measured results, but most references point to real speedups. 

Speed Up the Filesystem 

Every time you create, modify or simply access a file, Linux 
dutifully records the current timestamp in its directory struc¬ 
tures. In particular, the latter update obviously implies a 
penalty on file access time. Even if you merely read a file 
(without changing anything), Linux updates the file's inode 
(see Resources for more on inodes) with the current timestamp. 
Because writes obviously require some time, doing away with 
these updates results in performance gains. 

In order to achieve this enhancement, you need to change 
the way the filesystem is mounted. Working as root, do cat 
/etc/fstab to get the following: 


/dev/hdal 

/boot 

ext2 

acl,user_xattr 

1 2 

/dev/hda2 

swap 

swap 

defaults 

0 0 

/dev/hda3 

/ 

reiserfs 

acl,user_xattr 

1 1 

/dev/hddl 

/media/disk2 

reiserfs 

defaults 

1 2 

/dev/hdc 

/media/cdrom 

udf,iso9660 

ro,user.noauto 

0 0 

proc 

/proc 

proc 

defaults 

0 0 

sysfs 

/sys 

sysfs 

noauto 

0 0 

debugfs 

/sys/kernel/debug 

debugfs 

noauto 

0 0 

usbfs 

/proc/bus/usb 

usbfs 

noauto 

0 0 

devpts 

/dev/pts 

devpts 

mode=0620,gid=5 

0 0 


Given this output, the best candidates for the optimization 
are / and /dev/hddl; /boot is used only when booting, /swap is 
out of bounds for you, and the others are not hard disks. 

Making the change is simple. With your favorite text editor, 
add ,noatime to the options in the fourth column. When 
you are done, issue the mount -a command to remount all 
partitions, and then issue a plain mount to check whether 
the changes were done (Listing 2). 

Notice the noatime parameters in the /dev/hda3 and 


Listing 2. Checking the New Parameters with mount 

$ mount -a 
$ mount 

/dev/hda3 on / type reiserfs (rw,noatime,act,user_xattr) 

proc on /proc type proc (rw) 

sysfs on /sys type sysfs (rw) 

debugfs on /sys/kernel/debug type debugfs (rw) 

udev on /dev type tmpfs (rw) 

devpts on /dev/pts type devpts (rw,mode=0620,gid=5) 
/dev/hdal on /boot type ext2 (rw,act,user_xattr) 
/dev/hddl on /media/disk2 type reiserfs (rw,noatime) 


Data Integrity 
vs. Speed? 

Googling for filesystem performance enhancements, you 
might come upon a suggestion for ext3 and ReiserFS, 
involving another mounting option: data=wri teback. 

This option effectively undoes the advantage of those two 
filesystems by partially disabling their journaling. (Journaling 
is what ensures that your data won't be lost, even after a 
system crash.) If you include data=wri teback, you'll gain 
an increase in speed at the cost of having old data show 
up after a crash. I don't like this kind of risk, so I don't 
use that option. 


/dev/hddl lines. Those mean you did everything right, and 
access times are no longer being recorded. 

By the way, if you research this on the Web, you may find 
a reference to another option, nodiratime, which has to do 
with directories. Do not bother setting this option, because 
noatime implies nodiratime. 

I ran some tests (creating lots of files, and copying them to 
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1 


/dev/null) and tinned the results both with and without the 
noatime option and found some small performance enhance¬ 
ments—every little bit helps. 

Now, if you gotten this far, you're ready for the big one: 
enhancing your kernel. 

Get an Optimal Kernel 

All the tweaks we have done so far are just part of the job, 
and you even can get a bit more speed if you recompile your 
kernel and adjust it optimally for your specific hardware and 
needs. Note that even though compiling a full kernel isn't the 
challenge it used to be (mainly you just have to make a few 
choices and key in some commands), there still is room for 
botching things up. Don't try this unless you feel comfortable. 

Most distributions usually provide a one-size-fits-all kernel 
compiled with the most generic options, which should work 
for everybody. Of course, this won't necessarily fit your specific 
case. If your box has an Athlon XP CPU (as my laptop does), or 
many processors, or a certain graphics card, the generic kernel 
won't take advantage of them. What to do? You can tweak 
some kernel options and recompile it for optimal performance. 
Here, I pay specific attention to the options that enhance speed 
and responsiveness. 

Compiling your kernel isn't that difficult, but remember 
there's a distinct probability of hosing your machine and turn¬ 
ing it into a paperweight. (Okay, that may be a bit of an exag¬ 
geration. In the worst case, you simply would have to re-install 
Linux, and you wouldn't lose your data.) In my case, I used the 
YaST administration tool and installed two kernels, so I could 
choose either of them at boot time, and if I destroyed one, I 
could reboot with the other one, re-install the broken kernel 
and keep trying. 

You need some specific packages to do this: kernel-source 
(the source files for the actual kernel), gcc (the compiler), ncurses 
(for the menus) and bzip2 (used internally to create boot 
images). You also need to know a bit about your hardware. Use 
cat /proc/cpui nfo to see how many CPUs you have and their 
brands, and cat /proc/meminfo for RAM information (Listing 3). 

Start with a dry run and recompile the kernel without any 
changes, just to see if everything is set up okay. Working as 
root, do what's shown in Listing 4. 

The make processes will run for a while, and although they 
might produce some warnings, there shouldn't be any errors. 

If everything still is running okay after you reboot, it means 
you can start experimenting; you already did a kernel build. (If 
things did go seriously wrong, reboot with the other kernel, 
re-install the thrashed kernel, fix the problem, and try a dry 
run again.) 

Note: 

The specific commands used in this article are appropriate for 
the OpenSUSE distribution, but do vary from one distribution 
to another. Check your documentation for the specific com¬ 
mands you will need before trying to recompile your kernel. 


Listing 3. You will need information about your CPU and RAM 
before recompiling your kernel. 

$ cat /proc/cpuinfo 


processor 

0 


vendor_id 

AuthenticAMD 

cpu family 

6 


model 

8 


model name 

Mobile AMD Athlon(tm) XP 2200+ 

[...some lines snipped.. 

, •] 

$ cat /proc/meminfo 

MemTotal: 483488 

kB 

MemFree: 

11560 

kB 

Buffers: 

19888 

kB 

Cached: 

323408 

kB 

SwapCached: 

2768 

kB 

Active: 

166432 

kB 

Inactive: 

230396 

kB 

[...more lines snipped.. 



Listing 4. Do a dry run to ensure that you have everything you need 
for compiling the kernel. 

cd /usr/src/linux 
make clean 
make 

make modules_install 
make install 

Tweaking the kernel is simply a matter of choosing the appro¬ 
priate options from a (large) menu. As root, do the following: 

cd /usr/src/linux 
make clean 
make menuconfig 

and you will see a screen (Figure 1) with a menu full of hun¬ 
dreds of options, although luckily, you will have to change 
only a few of them. 

If graphical interfaces are more your style, change the last 
command to make xconf i g for a friendlier way of working 
(Figure 2). 

The following are some of the options to change: 

■ Under General Setup, uncheck Cpuset support. 

■ Under Processor Type and Features, check Tickless System and 
High Resolution Timer Support. Select the right CPU type under 
Processor Family, so the compiled kernel code will be optimized 
for it, and uncheck Generic x86 Support, which is needed only 
for generic kernels. Choose the amount of RAM you have 
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Figure 1. make menuconf ig provides a console-like way to select kernel options. 


under High Memory Support. Check 
Preempt the Big Kernel Lock, and 
under Preemption Model, choose 
Preemptible Kernel (Low-Latency 
Desktop). Note that for a server 
machine, you should select the No 
forced preemption option. Under 
Timer Frequency, choose 1000 (stand¬ 
ing for 1000H). Finally, if you have a 
machine with only one CPU, uncheck 
Symmetric multi-processing support. 

If you have two or more CPUs, check 
that box, and under Maximum num¬ 
ber of CPUs, enter the correct 
number. (All this data comes from 
doing cat /proc/cpuinfo, as 
discussed previously.) 

■ Under Block Layer, uncheck every¬ 
thing, unless you have disks larger 
than 2Tb. 



■ Under Kernel Hacking, uncheck Figure 2. make xconf i g produces a friendlier graphical way to choose kernel options. 

Kernel Debugging, Collect kernel 

timer statistics. Debug preemptible kernel and Write protect program (say "yes" to save the new kernel configuration) and 
kernel read-only data structures. then do the following: 


After you are done selecting options, exit the configuration make 
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make modules_install 
make install 

Watch for unexpected error messages; there should be 
none. You will need to wait, as when you did with the dry 
run. On my laptop, the complete process requires more than 
30 minutes. If you get an error message, either go back to the 
menu to try to fix whatever was wrong, or reboot with your 
backup kernel, re-install the broken kernel, and try again. If 
everything is okay, simply reboot, and try out your new kernel. 

Conclusion 

By applying just a few changes to your Linux box, you can get 
a faster response and greater speed, and you will be able to 
show off your machine to everybody. Then, after following the 
suggestions in this article, look around the Internet on your 
own, and you will be able to pick up more speed, but be care¬ 
ful, making these enhancements can become addictive !■ 


Federico Kereki is an Uruguayan Systems Engineer, with more than 20 years’ experience teaching 
at universities, doing development and consulting work, and writing articles and course material. 
He has been using Linux for many years, having installed it at several different companies. He is 
particularly interested in the better security and performance of Linux boxes. 
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Driving Markets from 
Our Own Kernels 

Only personal power will obsolete the walled garden. 

DOC SEARLS 


At the Internet Identity Workshop (IIW) a 
couple months ago, I sat at a table where a 
couple guys discussed whether certain code 
belonged in kernel space or user space. I 
missed the details, but it seemed meaningful 
to me that the IIW is a workshop for devel¬ 
opers of user-centric identity management 
systems. All the IDM (identity management) 
communities represented at IIW—OpenID, 
Higgins, CardSpace, OSIS, Oauth, ClaimID, 
Bandit, Liberty and so on—grew out of 
the need for users to be in control of their 
identity-based relationships, rather than to 
be controlled within the walls of "relation¬ 
ships" defined by the kind of "identity 
providers" whose cards fill our wallets. 

Later it occurred to me that there's a 
similar distinction between our own kernel 
and user spaces—that is, between the core 
capabilities we bring to the world and 
the way those capabilities are put to use, 
especially in the marketplace. 

Think for a minute about how clothing 
works in a society. In a way, it drives how we 
work in the world. Whether practical or 
merely symbolic, our clothing qualifies us to 
fly a commercial airplane, argue a case 
before a judge, rivet girders in a high-rise, 
look presentable in a business meeting or 
geek-out amongst fellow engineers. 

Now, think about how wallets work. 
They not only carry currency, but various 
forms of identification as well. These, how¬ 
ever, differ from clothing in one important 
way: nearly all forms of identification are 
provided for us by outside organizations. 

This goes for our driver's licenses, our credit 
and debit cards, our membership cards and 
insurance cards. In terms of clothing, these 
cards are little rectangular uniforms. So, even 
if they have our names on them, they are 
not ours. They are issued, and belong to, 
entities outside ourselves—entities that 
enable but also control and restrict how we 
deal with a range of uses. 

Except for sole-proprietor business 
cards, none of the rectangles in our wal¬ 
lets are ours. Yet, they contain the means 
by which we perform in the marketplace. 
Here's another way of looking at it: the 
cards in our wallets are like proprietary 
drivers in our kernels. 


What would happen if we had our own 
relationship drivers inside our own kernels? 
These drivers would not be written and pro¬ 
vided by outsiders as ways of driving us as 
customers and citizens, but rather written 
for us (and by us) as ways we can drive rela¬ 
tionships with governments, retailers, health¬ 
care providers, service organizations and 
other entities that could actually benefit by 
not having to control everything. 

For example, we could have "preference 
drivers" that express market logic, such as, 
"If I'm calling for tech support, then you 
can't give me a promotional message." We 
might even add an incentive, such as, "And 
I'll pay you $.50 for getting me to a human 
being in less than a minute." 

We could have "request drivers" that 
support the expression of demand for goods 
and services, such as, "We need a stroller for 
twins, sometime in the next five hours, from 
any retailer within five miles of Highway 70 
between Salina and Kansas City." 

We could have "trust drivers" that 
support the expression of our own usage 
and license agreements. These could say, 
"Here's all you need to know to trust me, 
with automated links to one or more veri¬ 
fying trust-assurance organizations, so we 
can both be spared any wasted effort." 
These could selectively disclose relevant 
memberships, credit worthiness, past deal¬ 
ings and so on—all on a need-to-know 
basis, without requiring us to fill out forms 
or even reveal our names. 

These kinds of blue-sky scenarios are 
prevented only by business defaults set to 
regard the customer as a dependent and 
subordinate entity rather than an indepen¬ 
dent and equal one. Preserving this kind 
of caste system traditionally has been seen 
as a business requirement, but it's not. 

Free customers can be a lot more valuable 
than enslaved ones. 

So, why aren't we free? Why are we 
dependent variables instead of indepen¬ 
dent ones? Because markets are pro¬ 
grammed and driven by vendors and 
other large organizations that treat us 
as devices to be driven, rather than the 
drivers in our own right. Or, in tech terms, 
they pack us full of proprietary drivers that 


enforce dependency and wear blinders to 
the benefits of customer independence. 

Customers need to drive and not just be 
driven. We don't yet know what forms the 
driving code will take, but there's a hole 
where it should go, and it's in ourselves—or 
in the layer of code and protocols by which 
we address the connected world. This is a 
huge frontier, and so is the huge new mar¬ 
ket that will open for commercial facilitators 
of customer independence. 

The need for a self-hack was highlighted 
nicely by Facebook when it launched its 
"Beacon" advertising system last November. 
As I write this, Facebook has attracted more 
than 55 million users (not customers, or the 
company might be more accountable to 
them) into its walled garden. Everything 
went fine until Facebook found ways to 
track, expose and monetize users' relation¬ 
ships, by following and in some cases expos¬ 
ing the crumb trails they leave on the Web. 

A great cry went up, much news was made, 
and Facebook made adjustments that I'm 
sure it's still tweaking as you read this. 

But, nothing it does will change the 
basic problem, which is a lack of native 
power on the users' side. So, in that 
absence, all the rules for relating to, 
and within, Facebook are controlled by 
the company. This is the way things have 
been for every B2C company, since the 
dawn of the Required Agreement. 

Does it have to be this way? No. We 
don't need Required Agreements any more 
than we need proprietary operating systems 
and software. Relationships should be mutu¬ 
ally respectful and agreeable. Much more will 
get done that way, more cheaply, with much 
better code and much less wasted effort. 

So, to sum up, we won't have market 
relationships worthy of the label until market 
space becomes user space. Until then, the 
markets we call "free" will still too often 
consist of "your choice of walled garden". 

We've broken out of that conceptual 
trap before. We can do it again. ■ 


Doc Searls is Senior Editor of Linux Journal. He is also a 
Visiting Scholar at the University of California at Santa 
Barbara and a Fellow with the Berkman Center for Internet 
and Society at Harvard University. 
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